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W3C HAS NEW SPECS FOR 
SEMANTIC WEB VISION 

Group addresses manipulation of data 



BY YVONNE L. LEE 

The World Wide Web Consor- 
tium this year is working on 
efforts that will advance its 
vision of the Semantic Web. 

New specifications, which the 
organization began introducing 
in December and will continue 
rolling out the first half of this 
year, will help annotate informa- 
tion and turn that information 
into data that can be searched, 
manipulated and interpreted by 
computer programs. 

For example, the XQuery 
specification, which is due in the 
second quarter of 2005, not only 
specifies a language for querying 
XML files, but also lays out how 



to demarcate information so that 
it can be queried, said Philippe 
Le Hegaret, the W3C s architec- 
ture domain leader. 

"One of the things that XML 
Query and XSL [working 
groups] have been working on 
is an extension of the data mod- 
el," he said. "When XML 
Schema was released, that 
extended that information set 
to include a [data] typing mech- 
anism. When you introduce 
more and more typing, you can 
start doing reasoning." 

XQuery is the anticipated 
query language for XML docu- 
ments for which BE A, Micro- 
► continued on page 16 



New UDDI Spec 
To Link Multiple 
Repositories 



BY YVONNE L. LEE 

The UDDI Web services direc- 
tory specification was revamped 
in February to enable enterpris- 
es to build connected internal 
directories that can subscribe to 
one another for updated infor- 
mation. The OASIS vendor con- 
sortium, which manages the 
specification, also added new 
authentication capabilities. 

Previous versions of UDDI 
focused on creating a single 
directory, which would be used 
throughout an organization or 
which could be made public. 
But because most Web services 
work was interdepartmental, 
with different repositories in 
each group, it had not been as 



widely used as the other basic 
Web services standards: XML, 
WSDL and SOAP. UDDI 3.02 
recognizes this integration 
among departments and creates 
directories that can be main- 
tained separately but function in 
concert, said Luc Clement, 
senior program manager at 
Systinet and co-chair of OASIS' 
UDDI technical committee. 

According to Clement, orga- 
nizations will be able to reveal 
information in the directories 
according to different security, 
transport or quality-of-service 
levels they have specified in 
business rules. 

"Offering the varying infor- 
► continued on page 14 



CHANGES IN UDDI 3.02: 

Registry Affiliation: Software instructions for linking registries. 

User-Definable Keys: Administrators can specify their database 

identifiers for registry information. 

Domain- Based Keys: Those database identifiers now take the 

form of a URI. 

Registry Subscription: One registry can update another. 

Digital Signature Support: It is now possible to authenticate 

information in a registry. Source: oasis 



Microsoft's Message: Smart Clients 

At VSLive, emphasis on .NET clients, Tablets, Avalon, Indigo 

TV 



BY ALAN ZEICHICK 

SAN FRANCISCO — At this 
winters VSLive conference, held 
here in early February, 
Microsoft's core message 
was about the importance 
of so-called "smart clients." That 
is, that developers should build 
server-side applications that can 
operate through a browser using 
ASRNET 2.0— but if the server 
detects that the client is a Win- 
dows box with the .NET Frame- 
work installed, developers 
should push down a Windows 
Forms client application instead. 
VSLive is a Windows-specific 
► continued on page 20 




Web applications should be optimized for Windows desktops, said 
Microsoft's Somasegar. 
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MOVING 
AOP OUT 
OF THE LAB 

Limited commercial 
offerings available 

BY JENNIFER DEJONG 

It's time for aspect-oriented 
programming to lose its acade- 
mic image. 

On the eve of the Interna- 
tional Conference on Aspect- 
Oriented Software Develop- 
ment, expected to take place in 
Chicago March 14-18, that's 
what at least one of AOP's pro- 
ponents is saying about the 
technology that lets developers 
separate "aspects," such as log- 
ging or security, from the actual 
codebase. 

"There is no sense in [talking 

about] AOP for AOP's sake. 

That story is boring," said Marc 

Fleury, chairman and CEO of 

► continued on page 26 
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A Legal Way to Hack Tivo 



Company to open consumer device to enterprise back end 



BY EDWARD J. CORREIA 

Tivo built it, hackers came. 
Now there's an SDK. 

Tivo Inc., whose Linux- 
based personal video recorder 
tempted a generation of hack- 
ers to add hard drives and func- 
tionality, has released a soft- 
ware development kit that 
permits third-party Java devel- 
opers to run their applications 
through the device. The com- 
pany plans to add C++ and C# 
editions in the near future. The 
free tool is available under the 
Common Public License. 

The SDK targets the Home 
Media Engine (HME), a Tivo- 



resident UI display technology 
developed mainly by Arthur van 
Hoff, Tivos principal engineer. 
"This will be a way that you can 
deliver apps to your Tivo hosted 
on the Internet that can add 
exciting new functionality," 
while remaining under Tivo's 
control, he said, a requirement 
that ensures that Tivo remains 
stable. "Because of the tight 
integration between its real-time 
hardware and software, it's real- 
ly hard to add applications to 
Tivo. We don't want your code 
going into an infinite loop and to 
force reboot [for example]." 
HME uses a technique simi- 



lar to the remote display capabil- 
ity of the X Window System, 
commonly known as XI 1. "It's a 
display protocol that can render 
a multimedia UI with audio, 
video and animation; the Tivo 
does not actually run the appli- 
cation," he explained. Van Hoff 
said that obvious applications 
include entertainment, news 
and other content delivery, and 
for health-care and hospitality 
industries. "We've had inquires 
from hospitals thinking about 
putting Tivos in patient rooms 
for check-in/check-out," he said. 
Until the service is deployed 
sometime later this year, appli- 



cations run on a PC in the same 
local network as the Tivo, van 
Hoff said, and appear through 
Tivo units with HME activated. 
Apps are discovered using 
Apple's Rendezvous discovery 
protocol. Tivo will ultimately 
make available a hosting ser- 
vice, on which certified apps 
will be stored and offered to 
subscribers of its US$12.95 
monthly service. "Developers 
give us their jar files, and we 
certify it and put it on a server." 
Certified apps will be those the 
company verifies follow certain 
interface rules and norms. 
"Approved apps don't have to 



be exactly like the Tivo UI, but 
we want them to be familiar, 
easy to use and fit within the 
greater Tivo framework." 
Local, Internet and enterprise 
hosting will remain options. 

The SDK is the first step in 
the company's larger strategy 
unveiled at January's Consumer 
Electronics Show to position 
Tivo as a service platform, van 
Hoff said. "We're not doing this 
to please the hacker communi- 
ty, but we are as a side effect; 
we'd like there to be a legal way 
to add functionality and 
approved third-party applica- 
tions." Embedded editions of 
the SDK will follow, van Hoff 
said. And while he declined to 
specify when or for which oper- 
ating systems, he described a 
scenario involving Apple's pop- 
ular iPod music player. I 



Corporate Executives Slimming Down 

High-profile managers are moving to start-ups and smaller companies 



BY YVONNE L. LEE 

The classic decision is whether 
to attempt to be a big fish in a 
small pond or a small fish in a 
big pond, but recently some big 
fish have moved from software 
oceans to smaller creeks. 

Although these executives 
could easily have moved to simi- 
lar positions in other large firms, 
they cited several common rea- 
sons why they wanted to make a 
move to a start-up or a smaller 
company, and why they were 
able to do so successfully. 

For example, Nancy Li and 
Chris Wagner, former chief 
technical officer and former 
executive vice president, respec- 
tively, at Computer Associates, 
left in 2003 when new CA CEO 
Sanjay Kumar wanted to run 
their iCAN subsidiary less like a 
separate company and more 
like a division within the large 
company. 

Kumar himself resigned in 
2004 amidst an investigation by 
the U.S. Attorney's Office for 
the Eastern District of New 
York and by the U.S. Securities 
and Exchange Commission for 
CA's past accounting practices. 
Li and Wagner are now CEO 



and executive vice president 
of start-up NeuLion, which 
builds, integrates and maintains 
Web services. 

FROM NOVELL TO CASSATT 

Bob Frankenberg's story is 
more personal. He had been 
chairman, president and CEO 
of Novell and left in 1996 to 
care for his wife, who had been 
diagnosed with cancer. She has 
since recovered. 

"After six to eight months 
learning more about cancer 
than I wanted to know, my wife 
caught me alphabetizing the 
spice drawer," said Franken- 
berg. So, he went off to help 
found Encanto Networks, of 
which he became president, 
CEO and later chairman of the 
board. Encanto spun off Kinzan 
in 1998. Frankenberg is now 
chairman and CEO of Kinzan. 

Web services integration 
firm Cassatt, founded in 2003, 
includes former BE A chairman 
and CEO Bill Coleman, former 
Sun chief technologist Rob Gin- 
gell, and ex- Sun vice president 
of Java and XML software Rich 
Green on its executive team. 

More recently, in 2004, 




'It used to be that being a big 
fish in a big pond was fairly 
secure. By comparison, starting 
a start-up involved a lot of risk. 
I think that has changed. ' 

—Bob Frankenberg, chairman and CEO of Kinzan 




'It's tough to change 
the world when you work 
at a big company.' 



—Chris Wagner, executive 
vice president of NeuLion 



Byron Sebastian and Cornelius 
Willis, who had been vice pres- 
ident and general manager of 
BE As Web Logic Portal and 
Workshop divisions and vice 
president of developer market- 
ing, respectively, left to form 
Sourcelabs, an open-source 
consulting and integration com- 
pany. When Willis was looking 
for opportunities outside BE A, 
geography limited him. 

"For me, personally, I have 
to work in Seattle. My family 
has told me that," he said. As 
for the major software vendor 
in the Northwest, Willis had 
already been there and done 
that, having been director of 
platform marketing at Micro- 
soft before joining BEA. 

FREEDOM AND AGILITY 

While each of these executives 
had different motivations for 
leaving the larger companies, 
they share some reasons for pre- 
ferring smaller firms and beliefs 
in why now is a good time for 
start-ups to emerge. Those rea- 
sons involve smaller companies' 
agility, opportunity to exploit 
new markets, and the opportuni- 



ty to explore new technologies. 

"For me, it's always the 
smaller companies that have 
the ability to move faster," said 
Steve Levine, vice president of 
corporate marketing at Cassatt, 
who had been vice president of 
product marketing for Oracle's 
collaboration suite. "If you see 
a change happening in the mar- 
ket, smaller companies have 
the opportunity to take advan- 
tage of it." 

"It's tough to change the 
world when you work at a big 
company," said NeuLion's Wag- 
ner. "A lot of times, you see 
with a big company, they have a 
legacy they have to deal with. 
Plus, it's a lot more fun [in a 
smaller company]. You get to 
create something new, and you 
get to see the impact of that 
more immediately." 

"I think that there are 
degrees of freedom to go create 
something new that are being 
shut down on larger high-tech 
companies," said Kinzan's 
Frankenberg, adding that the 
software industry is becoming 
more mature. "It makes things 
more mundane than people 



signed up for when they began 
their careers. Certainly, the 
industry is maturing. The allure 
that brought people in the first 
place is the same one that pulls 
them to go do something on 
their own with a few colleagues 
they meet in putting their plans 
together." 

NOW IS THE TIME 

Current technology trends and 
business cycles make this time 
particularly conducive to start- 
ing new businesses, several 
executives said. 

While in the past two years, 
companies, consortia and open- 
source groups have devised 
ideas around service-oriented 
architectures and Web services, 
now those ideas are firm 
enough to start new companies, 
said Levine. 

"It used to be that being a 
big fish in a big pond was fairly 
secure," said Frankenberg. "By 
comparison, starting a start-up 
involved a lot of risk. I think 
that has changed. I don't think 
anybody's secure anymore. Peo- 
ple are realizing the level of 
security in larger companies is 
that there's not as big a gap as 
there once was." 

No matter what the technol- 
ogy trends are, no companies 
would form without funding, 
and that's opening up after a 
drought, said Frankenberg. 

"What I've seen in the last 
year is that there's a more 
friendly capital market than 
there was after the bomb," he 
said. "Funding is much easier to 
obtain. People who might have 
had aspirations to start their 
own company couldn't because 
funding was zero." I 
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Another Boost for Visual SlickEdit 

Version 10 gets more C++ refactorings, enhanced Java productivity, better debugging 



BY JENNIFER DEJONG 

SlickEdit is getting ready to 
give its powerful IDE yet 
another boost of adrenaline. 

The Morrisville, N.C. -based 
company is expected to 
announce later this month ver- 
sion 10 of Visual SlickEdit, its 
multilanguage, multiplatform 
development environment for 
writing, editing, building, run- 
ning and debugging applica- 
tions. Chief among the 
improvements to the updated 
offering, which originated as a 
text-based code editor in 1988, 
is a new look and feel, addition- 
al refactorings for C + + pro- 
grammers, real-time error noti- 
fication and other productivity 
features for Java developers, as 
well debugging enhancements, 
said SlickEdit's director of 
development, Scott Westfall. 



The user interface sports 
new, more modern-looking 
icons and lets developers dock 
windows and toolbars anywhere 
on the screen, improving on the 
previous version 9, which man- 
dated that certain windows and 
toolbars be docked in fixed 
locations. It also lets them 
assign more operations, such as 
page up and page down, to the 
mouse, instead of just relying 
on the keyboard, he said. 

For C++ developers, version 
10 adds six new refactorings to 
the 10 introduced in version 9 
last year, including modify para- 
meters (which changes parame- 
ter names), pull up and push 
down (which, for example, 
takes a function or data from a 
subclass and pulls it up into a 
super class), and extract class 
and extract super class (which 
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The updated Visual SlickEdit sports a more modern look and feel. 



moves the methods associated 
with existing classes or super 
classes to new ones). Refactor- 
ing is the ability to improve a 
programs source code struc- 



ture, and, thus, its overall per- 
formance. While a developer 
could attempt to refactor code 
using search-and-replace tech- 
niques, doing so is time-con- 



Collaborating on Enterprise Modeling 

Proforma includes new thin client for review-oriented roles 



BY DAVID RUBINSTEIN 

To expand the scope of its enter- 
prise modeling software, Profor- 
ma has released thin-client tools 
that enable server-based collabo- 
ration and a model warehouse 
for manipulating data. 

The company's ProVision 
4.4.3 suite includes Pro Server, a 
Web-based server application 
that runs inside a J2EE servlet 
container; and ProVision Enter- 
prise, the model authoring tool 
formerly known as Workbench. 

New to this release are the 
Web Vision thin client and Mod- 
el Warehouse of data represent- 
ing the definition of the enter- 
prise, according to CTO Jerry 
Huchzemeier. "It covers every- 
thing from strategic planning 
down to logical design," he said. 

The WebVision client, which 
starts at US$20,000 for 50 
users, caters to a larger group of 
review-oriented people within 
an organization. The client 
pulls data directly out of the 
ProServer repository so WebVi- 
sion users can navigate through 
the models, post notes and 
point out errors, he explained. 

The Model Warehouse is 
designed to give people using 
third-party tools, such as Crys- 
tal Reports, the ability to access 
the data. "It's dumped into rela- 



tional form for access by any 
tool that can manipulate rela- 
tional tables," said Mike Antho- 
ny, senior architect. "It's basi- 
cally an export feature. 

ProServer, which costs 
$15,000, can use Oracle and 
SQL Server; Proforma "might 
add DB2 if we find customer 



demand," Huchzemeier said. 
BEA's WebLogic and IBM's 
WebSphere, running on Win- 
dows or Solaris, are the server 
platforms, he said. 

The tools allow for the cre- 
ation of high-end conceptual 
and analytical models of an 
enterprise. Enterprise architects 



seeking to define the technology 
components and infrastructure 
of an organization would use 
ProVision Enterprise, at $3,500 
per user, to create the models, 
which can be UML-based, 
workflow models that generate 
BPEL, and strategy and organi- 
zational models. I 
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The Provision suite lets developers create high-end conceptual and analytical models of an enterprise. 



suming and error-prone, West- 
fall said. But SlickEdit ensures 
accuracy. "If your program 
would compile when you start- 
ed, it will compile [once the 
refactoring is complete]," he 
said. "You can't code yourself 
into a corner." 

Also new is support for 
Microsoft's C# software devel- 
opment kit from within 
SlickEdit. "We have always 
been able to edit C# code, but 
now you can create mini-pro- 
jects and build them using the 
SDK," Westfall said. If a devel- 
oper is looking to get into C#, 
SlickEdit, which starts at 
US$299 per developer, is a less 
expensive alternative to Visual 
Studio, he said. 

JAVA UPDATES, TOO 

SlickEdit's real-time error notifi- 
cation for Java coders catches 
simple syntax errors, such as 
omitting a semicolon, as the 
developer works, instead of 
waiting to find them at compile 
time, Westfall said. Other Java 
updates include support for 
Javascript 1.4 from 1.2, "orga- 
nize imports" (which automates 
the process of adding needed 
import statements and removing 
unneeded ones) and support for 
JUnit, allowing developers to 
write, run and get reports on 
unit tests within SlickEdit. 

Debugging enhancements 
include a "mixed mode view" 
feature that lets developers see 
C++ source code interspersed 
with Assembly language, offer- 
ing a finer level of granularity 
and control for embedded 
developers, as well as support 
for multiprocessor debugging, 
Westfall said. The latter is use- 
ful for client/server applica- 
tions, allowing the developer to 
move back and forth between 
client and the server without 
running two instances of Slick- 
Edit. The company expects to 
offer unit testing for C++ next 
year and plans to add support 
for J2ME in May of this year, 
allowing developers to write "a 
Java front end for a mobile 
phone," Westfall said. 
"SlickEdit is more than an edi- 
tor," said the company's vice 
president of sales and business 
development, Bob Bradley. "It 
lets power programmers write 
more code faster and more 
accurately." I 
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Sun Previews New Features in Java Studio Creator 



BY YVONNE L. LEE 

Sun has begun previewing fea- 
tures that will appear in the 
next release of its Java Studio 
Creator, Sun's development 
environment geared toward 



departmental and business 
developers, which is due late in 
the second quarter of 2005. 

These features are being 
introduced in beta format in 
the currently shipping version. 



Some features are already in 
the product but are undocu- 
mented, and others will be 
made available through the 
application's auto-update fea- 
ture, said Dan Roberts, group 



marketing manager for Sun's 
developer tools. Full, stable 
code with documentation for 
the new features will ship with 
the new release, he said. 

Among the new features 
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are the ability to automatically 
import Enterprise JavaBeans, 
the ability to remotely deploy 
applications, new APIs for 
building components, and an 
automated way of importing 
HTML pages to insert into 
Web applications. The current 
version of Java Studio Creator, 
1.0, can import EJBs, but Cre- 
ator 2.0, code-named Thresh- 
er, will make it more automat- 
ic, Roberts said. 

"Now [with the preview fea- 
tures], you can look at Java 
applications as a data source 
for your applications," he said. 
"You can consume an EJB just 
like you'd consume a Web ser- 
vice. Instead of rewriting it, 
you can talk to that running 
application. You just point the 
tool to a specific file type and 
you have a graphical view of all 
the business methods on there. 
You can do visual property 
bindings to that application 
that you may have written or 
that someone else may have 
written." 

Creator 2.0 also will be able 
to set an applications deploy- 
ment descriptors to run on a 
different server from the one 
on which the application was 
written, Roberts said. 

The ability to import HTML 
files that developers can then 
insert into the dynamic applica- 
tions also is new to Creator 2.0, 
he said. 

"We have an automated way 
of taking an HTML page. You 
can start building your dynamic 
application on top of this page," 
he said. "This is also useful in 
corporations where you're 
handed a template and all 
applications have to follow the 
HTML template." 

While most of the other new 
features are targeted toward 
the business developers who 
use Creator, a new set of APIs 
is intended for those who cre- 
ate components, which will in 
turn be used by the business 
developers. 

"This API set is targeted 
toward component builders," 
said Roberts. "It allows them to 
create components that, once 
they're dragged into Creator, 
have wizards and properties 
specific to that component." 

According to Sun spokes- 
man Tom Baker, the company 
will continue to roll additional 
unspecified features into Cre- 
ator before the next release. I 
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Zend Technologies has introduced what it calls an enterprise-class 
version of its PHP runtime environment. Zend Platform includes a 
■-y i Java/PHP integration bridge, performance analyz- 

| Q er and content cache. The runtime, which costs 
US$999 per processor per year, integrates with the 
company's Zend Studio IDE ... VA Software has launched Tapestry, 
a community Web portal for its SourceForge Enterprise Edition cus- 
tomers. SourceForge is a collaborative environment for distributed 
development teams; the portal lets VA's customers work with others 
and share integration code and other assets . . . IBM Global Services 
has launched a new consulting practice called SOMA or Service Ori- 
ented Modeling and Architecture. The goal of the SOMA service is to 
help customers implement and migrate to service-oriented architec- 
tures . . . PalmSource has added IBM's WebSphere Everywhere Micro 
Environment, a J2ME runtime, to its Palm OS Garnet operating sys- 
tem. WEME is initially being bundled with some Tungsten handheld and 
Zire smartphone models . . . Also on the smartphone front, Nokia is 
offering a Python runtime for its Series 60 platform. The package can 
be downloaded from www.forum.nokia.com/python . . . PatentCafe is 
offering an Open Source Patent Search Engine, 
an online resource that lets development man- 
agers and other IT professionals research intellectual property. There 
is no charge for using the search engine, which is initially populated by 
500 patents given by IBM to the open-source community . . . Patriot 
Scientific is now offering a GNU C/C++ compiler for its Ignite series of 
embedded processor cores. Ignite uses a 32-bit RISC microarchitec- 
ture . . . Digital Evolution has introduced a .NET software extension for 

XML VPN, its secure message trans- 
port appliance for Web services that 
have to extend beyond an enterprise 
network to partners and suppliers. Previous releases were all for J2EE 
servers. The new version includes code for discovery and automated 
provisioning for .NET services across the virtual private network . . . 
ICEsoft Technologies has announced two new Java client-rendering 
components. ICEreader Bean, which costs US$2,000, 
can render basic HTML/XML, Cascading Style Sheets and 
embedded images and text. ICEbrowser Bean, for 
$5,000, adds support for JavaScript and Java applets, 
DOM and JMF . . . Forum Systems has introduced XRay, a Web ser- 
vices testing tool based on Kenai Systems' Examine vulnerability test- 
ing tool. According to Forum, the US$500 XRay extends Examine's 
tool by adding support for the WS-Security protocol. It also integrates 
with Forum's XWall firewall. 





UPGRADES 



Meiosys has updated MetaCluster UC, its stateful application reloca- 
tion software that lets running applications be moved from one server 
to another. Version 3.0 adds management capabilities to add automa- 
tion to the application relocation process. It also has new XML-based 
APIs for integrating it with management packages such as Tivoli and 
Unicenter . . . Version 5.6 of Expresso, the Apache Struts framework 
from Jcorporate, now lets developers use Struts Validator to validate 
import forms. It also supports the Velocity template engine and the 
Maven build engine. In addition, it lets tiles defined through the Tiles- 
Controller class maintain separate responses . . . Telerik has updated 
its .NET controls suite. The Q1 2005 release of RAD Controls includes 
a new client-side load-on-demand feature within the tree view compo- 
nent, extended chart types in the chart component, and improvements 
in the spellchecking and panelbar controls. RAD Controls costs 
US$799 per developer, or $999 for an annual subscription with 
updates . . . theKompany has updated Quanta Gold, its Web develop- 
ment tool for Linux, Mac OS X and Windows. Version 3.7 contains a 
number of bug fixes, as well as a new window builder and new icons 
and styles. It also includes documentation for working with PHP5, and 
supports the Mozilla preview on Linux using an embedded copy of the 
Firefox browser. It also has released dbRadar 1.4, a database monitor- 
ing tool for Linux and Windows, which adds new GUI synchronization, 
transaction support, ODBC connec- 



Business Objects 
Has SMB in Its Sights 



BY EDWARD J. CORREIA 

Small and medium businesses 
are now the objects of Business 
Objects, which has released 
Crystal Reports Server XI, a 
scaled-down version of its 
enterprise report-development 
platform for COM, .NET and 
Java applications without busi- 
ness intelligence and with less- 
er connectivity. 

The US$7,500 license fee 
includes software for one Win- 
dows server with up to four 
processors, concurrent licens- 
ing for up to five report con- 
sumers, and a one-seat license 
for the newly released Crystal 
Reports XI design environment 
for Windows. An edition for 
Linux servers is scheduled for 
release by July 1. 

According to Jaylene Crick, 
senior product marketing man- 
ager, Crystal Reports XI deliv- 
ers the feature most requested 
by developers: dynamic and 
cascading prompts, which she 
said enable report selection 
lists to be stored in a central 
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The updated Crystal Reports adds dynamic and cascading prompts, as well 
as a new set of feature-aligned cross-platform APIs. 



database and shared across 
multiple reports. "In the past, 
[developers] had to individual- 
ly code each pick list in every 
report." Pricing starts at $595 
per seat. 

Crick said that Crystal 
Reports now delivers a set of 
cross-platform APIs that are fea- 
ture-aligned. "Now the object 



models are the same across 
COM, Java and .NET, so the 
API you use in one application 
can be reused in another. Once 
you become familiar with our 
object model, you can reapply it 
to multiple projects," she said. 
The report designer's user inter- 
face has been rewritten to follow 
the Windows XP look and feel. I 



XML Appliances Add Host Protocols 

Dedicated servers now handle CICS f COBOL, MQ Series 



BY JENNIFER DEJONG 

So-called XML appliances are 
processing not only XML, but 
also a host of mainframe data 
types. 

Belmont, Calif. -based Reac- 
tivity later this month is expected 
to announce Datacenter Gate- 
way, its first mainframe offering, 
which follows Cambridge, Mass.- 
based DataPowers release earli- 
er of its updated XI50 XML Inte- 
gration Appliance. 

These dedicated hardware 
devices, which originated as a 
way to deal with process-inten- 
sive XML data, have evolved to 
support mainframe data types, 
such as CICS, COBOL copy- 
books and ISO 8583, a protocol 
used by financial institutions to 
transfer funds. They offer devel- 
opers a faster way of interfacing 
with data that resides in the 
glass house, while also managing 
security issues such as access 
control, digital signatures and 
encryption. Addressing such 
issues in hardware frees develop- 
ers from writing code to accom- 
plish those tasks in software. 



What's more, said DataPowers 
chief technology officer, Eugene 
Kuznetsov, that hardware 
approach enables them to inter- 
act with the data center without 
having to acquire mainframe 
expertise. "The mainframe can 
continue to speak mainframe." 

The company's XI50 integra- 
tion appliance, which starts at 
US$75,000, works by making 
calls to the mainframe via IBM 
MQ Series messaging, and then 
transforming the message into 
Web services calls, he said. 

New to 3.1 is more help when 
an error occurs in the data trans- 
formation process, spelling out 
which steps to take when. "It's 
more like a step-by-step debug- 
ger," he said. In addition, the 
updated offering provides better 
MQ support, including the 
ability to route between different 
MQs and set MQ headers. 
"It makes MQ more like an 
enterprise service bus," said 
Kuznetsov. 

Reactivity's DataCenter 

Gateway, which is expected to 
sell for about US$120,000, 



builds on the company's earlier 
offering, Reactivity Gateway, 
adding support for mainframe 
data types, such as IBM/TM, 
Tuxedo, Unisys DMS and 
EDIINT "Developers have to 
deal with the fact that everything 
has a different interface. You 
have to be able to handle that 
variability," said Reactivity's vice 
president of marketing, Joelle 
Gropper Kaufman. Offloading 
data transformation and security 
to a hardware device frees devel- 
opers to work on business logic, 
rather than forcing them to write 
code to accomplish mainframe 
integration and related security 
tasks. The device essentially 
makes the network infrastruc- 
ture data aware, she said. 

Because mainframes are 
based on messaging, in some 
ways they are more modern 
than recent offerings, such as a 
J2EE application server, said 
Kuznetsov. Talking to a J2EE 
server requires Java or Web ser- 
vices. "But with a mainframe, as 
long as you can parse the mes- 
sage, you can talk to it." I 
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Software Security at the Summit 



BY YVONNE L. LEE 

When it comes to securing 
enterprise software, it's not 
enough to put up a firewall and 
limit access to the server. 
Instead, developers must secure 
their software itself, according 



to Alan Zeichick, chairman of 
the Software Security Summit, 
which will be held April 12-14 in 
San Diego, Calif. The confer- 
ence is produced by BZ Media, 
publisher of SD Times. 

"We've found a lack of 



knowledge about how to protect 
software as you write it or soft- 
ware you own," said Zeichick, 
who also is editor-in-chief of SD 
Times. "By protecting the soft- 
ware, you're protecting the 
business." 



The Software Security Sum- 
mit will feature classes and 
keynotes from industry experts 
to help attendees understand 
software vulnerabilities and 
how to write secure software. 

Keynote speakers are Mary 
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Ann Davidson, chief security 
officer at Oracle; Amit Yoran, 
former cyber chief from the 
Department of Homeland 
Security; and James A. Whittak- 
er, chief scientist of Security 
Innovation. 

Tuesday the first day of the 
conference, will feature a choice 
of four full-day tutorials: Allen 
Holub's "Writing Secure Java 
Applications"; Joe Stagner's 
"Writing Secure Code for .NET 
Applications"; John Viega's 
"Building Secure Software"; and 
Whittaker s "How to Break Soft- 
ware Security," which reveals 
software vulnerabilities. 

In addition to writing SD 
Times' Java Watch column, Hol- 
ub served as chief technology 
officer at NetReliance, an Inter- 
net security-infrastructure com- 
pany, and sits on the board of 
advisers for Ascenium and for 
Ontometrics. Stagner presents 
regularly with Microsoft MSDN 
Events and recently presented 
one of the highest-attended ses- 
sions at Microsoft Tech-Ed: 
"How Hackers Hack, Hacking 
Back." Viega is founder and 
chief technical officer of Secure 
Software, which sells software 
security testing tools. 

The summit will offer smaller 
individual sessions from 9:30 
a.m. -5 p.m. on Wednesday and 
9:30 a.m.-5:30 p.m. on Thursday. 

This is the first independent 
security conference focused on 
enterprise application develop- 
ers, said Zeichick. I 
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JBoss Relational Mapping Comes Out of Hibernation 



BY YVONNE L. LEE 

At its first JBossWorld confer- 
ence this week, JBoss is expect- 
ed to take the wraps off a new 
version of the Hibernate 
object- relational data mapping 
tool that now will map relation- 
al data to XML. 

It is the first significant 
update of Hibernate since JBoss 
acquired the software in 2003. It 
is supported through the Java 
Enterprise Middleware System. 
Hibernate 3.0 also has new map- 
ping for handling legacy data. 

"Hibernate has added the 
ability to report on and monitor 
a wide range of statistics using a 
monitor that supports J MX," 
said Shaun Connolly, vice pres- 
ident of product management. 

In addition, Hibernate has a 
new SQL-like language called 
Hibernate Query Language for 
pulling in data from various 
enterprise data sources. The 
language not only pulls up cur- 
rent reports about data, but 

AccuSoft Plans 
Remake of 
Imaging Products 

BY JENNIFER DEJONG 

AccuSoft is giving its imaging 
software a makeover. 

Last month, the company 
launched VisiQuest 4.0, a native 
Windows version of the UNIX- 
based visual programming envi- 
ronment it acquired from Kho- 
ral, in Albuquerque, N.M., last 
year. It also announced plans to 
combine VisiQuest with its soft- 
ware development kit, Image- 
Gear, creating a single offering, 
expected next year, said Tom 
Leone, president and chief 
financial officer of the North- 
borough, Mass. -based company. 

ImageGear is used by devel- 
opers to add sophisticated 
imaging and analysis capabili- 
ties to aerospace, medical and 
other applications, while 
VisiQuest is a visual environ- 
ment that lets scientists who 
lack programming expertise 
apply complex algorithms to 
data and images. "Our plans are 
to leverage both technologies in 
a single offering, for both end 
users and developers," he said. 
In addition, AccuSoft plans to 
deliver later this year two suites 
of pre-packaged images, for 
medical and signal-processing 
applications, he said. I 



also can report on historical 
information. 

Connolly claimed that the 
language makes it easier for 
developers to specify the para- 
meters for the data they want to 



retrieve, and also simplifies the 
format in which it appears. 

In addition to updating 
Hibernate, the Atlanta compa- 
ny introduced software to issue 
updates, patches and notifica- 



tions to its customers. The 
software, called JBoss Net- 
work, will include a console 
that can be used to distribute 
necessary software to connect- 
ed computers. 



"Right now, the customer 
pulls us in when they need us. 
What the JBoss network is 
about is pushing knowledge and 
patches out to customers," said 
Connolly. I 
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Holding ISVs to a Higher Security Standard 



BY JENNIFER DEJONG 

Fortify Software wants to make 
ISVs more accountable for the 
security of the software they sell. 
The Palo Alto, Calif.-based 
company was expected to 
announce last month Applica- 



tion Risk Analyzer, a free binary 
analysis tool that scans software 
for risky coding practices that 
could result in security holes, 
said Fortify's chief technology 
officer, Roger Thornton. "How 
do you know the software you 



buy is secure, when you do not 
have access to the source code?" 
Risk Analyzer, which analyzes 
the binary code of commercial 
offerings that run under Linux, 
Solaris and Windows, generates 
an HTML-based report in a 



browser that lets software buyers 
ask their vendors the right ques- 
tions. By pinpointing areas of 
code where potential vulnerabili- 
ties exist, the user can say, for 
example, "Here, you have called 
three functions associated with 
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buffer overflows. Here is a func- 
tion that could contain a SQL 
injection error," Thornton said. 
"Software owners can go to soft- 
ware makers and say, Trove to 
me that your software is secure.' " 
The aim, Thornton said, is 
not to get software buyers to fix 
the commercial products they 
purchase (which requires 
access to the program's source 
code), but to create awareness 
among ISVs that customers are 
demanding secure software. I 

UDDI LINKS 
REGISTRIES 

< continued from page 1 

mation based on security would 
be helpful," said Jeff Burinda, 
CTO of WAND, which made a 
directory for IBM based on 
an earlier version of the UDDI 
specification. 

"What we wanted to support 
in [version] 3 is the recognition 
that enterprises aren't going to 
have a single registry to support 
all things," Clement said. So, 
the group changed the specifi- 
cation so that information can 
now be shared and updated 
among registries, he said. 

UDDI 3.02 enables inter- 
directory communication by 
way of four different new fea- 
tures: registry affiliation, user- 
definable keys, domain-based 
keys and subscription. 

Registry affiliation means that 
different directories or "reg- 
istries" can be connected. Ac- 
cording to Clement, registry 
affiliation sets forth the "plumb- 
ing" for how the registries con- 
nect. "User-defined keys was a 
mechanism to support affilia- 
tion," he said. 

Keys are reference points to 
items in the registries. One 
benefit of user-definable keys is 
that they make it easier to label 
in a meaningful way. Develop- 
ers can then more easily make 
reference to those keys as they 
link them, said Clement. 

In addition, the group has 
added domain-based keys, 
which are an easier method of 
addressing items than the pre- 
vious specifications had used, 
he said. "The domain-based key 
is just a URI," he said. 

Other new features include 
extended discovery, which can 
combine multistep queries into 
a single-step, complex query. 

Registry subscription is a 
mechanism to indicate that one 
registry will receive updated 
information from another. I 
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W3C Takes Careful Steps Toward Semantic Goal 



< continued from page 1 

soft, Oracle, Sleepycat, Sonic 
and SourceForge and others 
have built implementations. 

"They're working with the 
working group to make sure the 
databases stay in sync with the 
latest version," said Le Hegaret. 

XSLT 2 will include a query- 
ing language, XPath, which is a 
subset to XQuery, he said. 
XSLT 1.0 and XPath 1.0 origi- 
nally were designed to provide 
a stylesheet to convert XML 
documents into HTML for ren- 
dering to a browser. Since then, 
they have been used to manipu- 
late data and to convert one 
XML vocabulary into anoth- 
er — functions for which they 
were not initially designed. 

Parts of XPath are being 
jointly developed by the XML 
Query and XSL working groups. 

Another new feature in 
XSLT 2 will be the ability to 
group sections of a document 
and work with them collectively. 

Other specifications are 
designed to make it easier to 
program with XML documents 
as a programmer would work 
with a traditional language. 



"The overall plan is to be 
able to access and manipulate 
information," said Le Hegaret. 

In December, the group 
released the recommendation for 
XInclude, which makes it possi- 
ble to create XML applications 
that reference separate files. It 
followed in January with three 
specifications designed to more 
efficiently transmit binary data. 

In February, the W3C was 
scheduled to finish XMLTD, 
which makes it possible to have 
unique identifiers within an 
XML document and address 
the areas they represent sepa- 
rately. These specs make it eas- 
ier to break XML applications 
into separate modules that can 
be developed and addressed 
independently. 

XInclude replaces a mecha- 
nism in XML 1.0 and 1.1 for 
using separate files, Le Hegaret 
said. It was necessary because 
the previous method uses 
DTDs, which not all parsers 
have. In addition, the external 
entities in XML 1.0 and 1.1 must 
be declared and named, and sep- 
arately invoked. XInclude uses 
direct references. XInclude also 



has a facility for programmers to 
specify a fallback action if the 
included documents are unavail- 
able, said Le Hegaret. 

The three specs announced 
in January are designed to work 
in concert for exchanging binary 
data. Two, XML-binary Opti- 
mized Packaging (XOP) and the 
Message Transmission Opti- 
mization Mechanism (MTOM), 
are particularly useful for 
exchanging information across a 
low-bandwidth network or on a 
smaller device, such as a mobile 



phone, Le Hegaret said. 

XOP provides a way for 
applications to include binary 
data in a package with an XML 
document. Before, said Le 
Hegaret, organizations had to 
encode binary data as text, and 
that encoded information would 
have to be retranslated. That 
would increase the bandwidth 
necessary to send the item and 
would slow the performance of 
the application, he said. 

"You don't find the image," 
said Le Hegaret. "You find a ref- 



PATH TO THE SEMANTIC WEB 



December 2004 

• XInclude provides a new way 
to build XML applications that 
span multiple documents. 

January 2005 

• XOP provides a method for 
applications to include binary 
data in a package with an XML 
document. 

• MTOM enables SOAP bindings 
to optimize the transmission 
and the wire format used to 
transfer a SOAP message. 

• RRSHB enables SOAP mes- 



sage recipients to access 
cached representations of ex- 
ternal resources. 

February 2005 

• XML:ID provides a way to 
identify sections of an XML 
document. 

Later in 2005: 

• XQuery guery language for 
XML documents. 

• XSLT 2 stylesheet language to 
add guery facility, grouping of 
sections within a document. 



erence to the image that comes 
along with it. You don't have to 
do any encoding. You're gaining 
in terms of bandwidth and per- 
formance because of that." 

MTOM uses the features 
provided by XOP to address 
SOAP messages. MTOM 
enables SOAP bindings to opti- 
mize the transmission and the 
wire format used to transfer a 
SOAP message. It uses HTTP 
and XOP to send the various 
binary parts as well as the SOAP 
message in a MIME envelope. 

Resource Representation 
SOAP Header Block (RRSHB) 
also deals with binary files but is 
for situations where binary 
information is not available 
either because of a firewall or 
because of bandwidth issues. 

RRSHB enables SOAP mes- 
sage recipients to access cached 
representations of external 
resources. It gives the recipient 
the option of using either the 
original file that may be identi- 
fied by a URI, or a cached copy 
that accompanies the actual 
SOAP message. It can be used 
with MTOM to process data 
more quickly because external 
data is already present when the 
recipient is starting processing 
the message. I 
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.NET Support Tops List of QA Wizard's New Features 



BY YVONNE L. LEE 

Seapine Software has updated 
its QA Wizard graphical user 
interface functional test tool by 
adding the ability to test the 
functionality of .NET applica- 
tions, script debugging capabil- 



ity an expanded wizard and 
better exception handling. 

"With the standard control 
set you get with Microsoft 
Visual Studio, we can record 
against them [and] play back 
against those controls," said 



project manager Michael Tack- 
ett. "We now specifically recog- 
nize them." 

In addition, QA Wizard 3.0 
now debugs users' test scripts. 
Prior versions of the product 
had a built-in scripting language, 



but QA Wizard 3.0 is the first 
with a debugger, said Tackett. 

"We had no way of manually 
stepping through a script other 
than a print statement," he said. 

Finally, the company has 
augmented the products wiz- 
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ard, separating out the batch 
capability in a separate menu 
item and making the Wizard 
processes more detailed. 

Seapine offers several licens- 
es for QA Wizard. A floating 
license for any five simultaneous 
users costs US$3,995. A dedicat- 
ed license for five named users 
is $2,995. The company also 
offers runtime licenses to run 
but not create scripts. A floating 
five-user license is $1,595. A 
dedicated five-user named 
license is $995. 

In addition, QA Wizard is 
available as part of the Seapine 
SQA suite, which also includes 
the TestTrack Pro defect man- 
agement tool and Surround 
SCM source code management. 
A floating five-user license is 
$4,995 and a dedicated license 
is $3,495. I 

Tangosol Adds 
More Failover 
To Coherence 

BY YVONNE L. LEE 

Cache is king for making infor- 
mation more quickly accessi- 
ble, but new features in Tan- 
gosol's Coherence clustered 
cache for J2EE applications are 
designed to make that informa- 
tion available even if a data 
center goes offline. 

Coherence 3.0 adds data 
center failover capability to the 
prior versions server failover 
capabilities. It can do this 
because administrators now can 
indicate the location of the 
servers, and specify that the 
servers in one location should 
fail over to those at another site, 
said president Cameron Purdy. 

"We have customers in New 
York City who have a second 
data center in New Jersey or a 
second data center in Westch- 
ester," Purdy said. 

The failover capability is 
available in the US$4,995-per- 
processor enterprise edition 
only. 

Two other new features 
appear in both the enterprise 
edition and the $l,995-per- 
processor cluster edition. One 
is the ability of Java clients to 
access the data that is being 
managed in the cluster, and 
the other is that all Coherence 
features are now exposed as 
Java Management Extensions 
(JMX). I 
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Spectrum Evolves Change Management Offering for Eclipse 



BY JENNIFER DEJONG 

Spectrum Software is making 
changes to its Eclipse-based 
change management offering. 

The Duluth, Georgia-based 
company announced Spectrum- 
SCM 2.1.2, an Eclipse plug-in 
with features aimed at helping 
teams of architects, developers 
and testers communicate effec- 
tively. "Otherwise, things happen 
that impact people annoyingly," 
said Spectrum's president and 
CEO, Srini Srinivasan. 

For instance, the new offer- 
ing includes a notes feature that 
lets a developer notify team 
members of a problem, such as a 
previously undetected bug, with- 
out having to leave the Eclipse 
environment. "Notes are view- 
able by the entire team," he said. 
In the past, team members 
relied on e-mail or the spoken 
word to convey that kind of 
information. 

Also new is the ability to 
assign tasks associated with a 

CodePro Gets 
Analytical 

BY YVONNE L. LEE 

Instantiations has beefed up the 
analytical capabilities from its 
CodePro Studio product and has 
spun them off into a new prod- 
uct called CodePro AnalytiX. 

"This the next generation of 
the CodePro product family," 
said vice president of marketing 
and business development Mark 
Johnson. "We've really refined 
the product and want to focus 
on code analytics." 

The US$999 CodePro Ana- 
lytiX combines code audit, met- 
rics, test generation, the ability to 
integrate with the JUnit Java unit 
testing tool, and code coverage 
to ascertain that all modules of 
the app have been unit-tested. 

In addition, the product has 
automatic code checking. It in- 
cludes more than 100 built-in 
rules against which the program 
will automatically check and cor- 
rect code. Organizations can cus- 
tomize these rules to enforce cor- 
porate standards, Johnson said. 

CodePro AnalytiX integrates 
into Eclipse, IBM Rational's 
Web Developer, Application 
Developer and Architect, and 
IBM's WebSphere Studio. The 
complementary $199 CodePro 
PlusPak adds design patterns, 
ergonomic enhancements and a 
task scheduler. I 



problem statement from within 
the IDE, as well as role-based 
views. Instead of allowing every 
team member to view every- 
thing, SpectrumSCM provides 
separate views for architects, 
developers and testers. "The 



controlled way of accessing is 
critical. You don't want just any- 
one to be able to make any 
change," Srinivasan said. 

Unlike the previous version, 
the updated offering allows two 
or more team members to check 



out and make changes to a file 
concurrently. In previous ver- 
sions, when a file was locked, 
others had to wait to access it. 

Support for common and 
uncommon checkout lets a team 
member propagate changes 



across multiple versions, or 
branches, of a project or isolate 
those changes to a given branch. 
By offering SCM capabilities 
in Eclipse, "we are making 
development teams more pro- 
ductive in their IDE," he said. I 
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VSLive: Bits of Longhorn 



* continued from page 1 

developer conference from Faw- 
cette Technical Publications. 

S. "Soma" Somasegar, corpo- 
rate vice president of Microsoft's 
developer division, described 
smart clients as bringing togeth- 
er the best attributes of thin 
clients, which operate solely 
through a browser, and rich 
clients executing binaries on the 
local machine. The smart clients 
would combine local resources, 
if available, with network- 
attached distributed data 
sources, such as on an enterprise 
LAN, and offer offline and 
online capabilities. 

"If you want to take the low 
total cost of ownership [and] the 
ease of deployment ability from 
the Web client, and combine it 
with the rich user experience, 
the online/offline capability and 
the ability to leverage local com- 
puting resources," Somasegar 
said, "you have a new breed of 
client software, which we call 
smart client." 

Smart clients are a way of 
envisioning two-tiered or three- 
tied development that lever- 



ages the .NET Framework and 
in some cases, Microsoft Office. 
However, there's no specific set 
of technologies that enable 
smart-client development, and 
Microsoft wasn't promoting any 
products or other initiatives 
around them. 

In other news, Microsoft has 
released a Tablet PC Game SDK 
created jointly with 3Leaf Devel- 
opment. Somasegar also promot- 
ed a set of ink controls from 
Agilix, called InfiNotes, which 
developers can use to embed 
rich note-taking capabilities into 
Windows Forms and Web 
Forms applications. A version of 
the InfiNotes controls is avail- 
able for deployment at no cost. 

Microsoft also announced a 
Connected Systems Business 
Kit, a collection of sample apps 
and white papers for imple- 
menting service-oriented archi- 
tectures using existing .NET 
technologies and products, and 
the Patterns & Practices Enter- 
prise Library, a set of reusable 
building blocks for large-scale 
application projects. Those are 
both offered at no charge. 



PIECES OF LONGHORN 

Another theme of VSLive is the 
gradual release of Avalon, the 
new presentation subsystem for 
Windows desktops, which uses 
a dialect of XML, called 
XAML, to improve the layout of 
elements on a video display. 
Somasegar announced that the 
second community technology 
preview (CTP) of Avalon will be 
released in March. 

According to a separate con- 
versation with Ari Bixhorn, 
director of Web services strate- 
gy, Microsoft also will release a 
CTP of Indigo, the new unified 
communications subsystem for 
Windows, around the same time 
as the Avalon preview. This was 
also publicly announced in a 
keynote address by Microsoft's 
Eric Rudder, senior vice presi- 
dent for servers and tools. 

The value of Indigo, accord- 
ing to Bixhorn, is that it collapses 
a number of separate Microsoft 
communications subsystems into 
a single service broker; essential- 
ly, developers code to a single 
API, and then Indigo (and the 
.NET Framework) takes care of 



THE NON-ANNOUNCEMENT: 
LOGICLIBRARY 



At his VSLive keynote, Microsoft's Soma Somasegar announced 
a new set of application building blocks, called the Patterns & 
Practices library. Apparently, he also was supposed to announce 
a partnership with LogicLibrary, which embedded the Patterns & 
Processes library into its Enterprise Library repository. 

At least, that's what both companies' press relations depart- 
ments believe, going by their PR pitches and press releases. For 
example, Microsoft's post-keynote release said, "Somasegar also 
unveiled new resources for enterprise developers, [and] announced 
Microsoft's expanded partnership with Visual Studio Industry Part- 
ners (VSIPs) Micro Focus International Ltd. and LogicLibrary Inc." 

Unfortunately, he didn't actually announce it. But to know 
that, you'd have had to be there. — Alan Zeichick 



the rest. The subsystems moved 
into Indigo include .NET 
Remoting, AS MX, Web services 
and MSMQ. 

At last year's Professional 
Developers Conference, Micro- 
soft touted Avalon and Indigo as 
"pillars" of Longhorn (the next 
version of Windows XP), along 
with WinFS, a new object-ori- 
ented file system. Last year, 
Microsoft announced that Win- 
FS would not be part of Long- 
horn, and the company had 
decoupled Avalon and Indigo 
from the new operating system. 
So, where does that leave 
Longhorn? 



John Montgomery, director 
of product management for 
Microsoft's developer division, 
told SD Times that the Long- 
horn release will contain not only 
a new user-interface shell, but 
also significant improvements in 
security, stability and administra- 
tive features. 

However, the biggest factor 
may be that it's based on the new, 
tighter Windows Server 2003 
codebase and will include a new 
device driver model. "Eighty 
percent of blue screens have to 
do with drivers," he said, regard- 
ing system crashes on the Win- 
dows XP client. I 
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Microsoft Partners Show Off Components, Plug-Ins 



BY ALAN ZEICHICK 

SAN FRANCISCO — While Microsoft's 
news about "smart clients" dominated the 
VSLive conference, several third-party 
tool and component providers used the 
conference to introduce their latest wares. 

Avicode has updated Intercept Stu- 
dio, a utility that detects faults in running 
applications and sends error data to Visu- 
al Studio and Microsoft Operations Man- 
ager. Version 2.3 adds support for Visual 
Studio 2005 and for Windows 
Forms applications. 

DBI Technologies has 
released Calendar Tools 2.0 



for .NET, an update of its Visual Basic 6.0 
calendaring components rewritten for 
.NET The US$399 component set in- 
cludes variable time appointment incre- 
ments, direct appointment entry and 
editing, conflict checking and printing. 

Infragistics has updated its compo- 
nent suite for COM and .NET NetAvan- 
tage 2005 Volume 1 includes a new Win- 
dows Forms Printing component with 
print preview; enhancements to its 
data grid; new ASP.NET elements for 
image buttons and image panels; 
Gantt and polar charts; and textures 
in Windows and WebChart. At the 
conference, Infragistics also released 
Test Advantage, a set of regression testing 



libraries for Windows Forms applications. 
Micro Focus will be abandoning its 
own integrated development environ- 
ment, and will now be standardizing on 
Visual Studio as its only IDE for 
COBOL developers. Applications writ- 
ten using Net Express, its Visual Studio 
plug-in, can be deployed not only to 
Windows, but also to mainframes, Linux 
and Unix, according to the company. 
N Software has released a set of com- 
munications adapters for 
BizTalk Server 2004. The 
adapters are for the AS2 
transport, FTPS SSL-based 



secure file transfer and STFP SSH-based 
secure file transfer. 

Nolics is offering Nolics.NET, a 
Visual Studio plug-in that lets develop- 
ers create database applications using 
objects only; according to the company, 
programmers won't have to write 
embedded SQL statements or develop a 
data access layer. Nolics.NET costs 
€350 per seat. 

Oracle has announced a beta of Ora- 
cle Developer Tools for Visual Studio 
.NET — well, that's fairly self-explanatory. 
The tools, expected to be generally avail- 
able in the second quarter of 2005, are 
plug-ins for Visual Studio for creating and 
deploying applications for Oracle D ata- 



ri— Lmilflii.iii- 
UJh-fTW If 

bpcbted 




Source: Nolics 



The Nolics software persists classes by providing certain base classes from which to inherit 
the user classes. 



base 10g. The company also announced 
that Oracle Database lOg Release 2 will 
include new database extensions that 
support .NET stored procedures. 

PreEmptive Solutions previewed 



the next version of Dotfusticator Pro- 
fessional, its code obfuscation tool. 
The forthcoming version 3.0 will work 
with Visual Studio 2005, and adds 
► continued on page 22 
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Pyramid Power at Dundas 



BY ALAN ZEICHICK 

Dundas Software has updated 
its server-side chart generating 
software, adding a variety of new 
chart types, including pyramid, 
funnel and polar charts. 



Version 4.5 of Dundas Chart 
for ASP.NET, Enterprise Edi- 
tion, also includes new user 
interface controls that provide 
access to chart controls, tool- 
bars, context menus and prop- 



erties pages. The software costs 
US$2,999, which includes one 
developer license, one test serv- 
er license, and one production 
server license. 

The new version also offers 



a new type of diagram, called 
FastLine, which is a line chart 
optimized to handle extremely 
large data sets. According to 
the company, FastLine dia- 
grams offer fewer features 
than standard line charts, but 
can render quickly even with 
multiple data sets of more 
than 100,000 points. I 
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Pyramid and funnel charts are new 
to Dundas software. 

PARTNERS SHOW 
THEIR WARES 

< continued from page 21 

watermarking, assembly link- 
ing and support for generic 
types. The software costs 
US$1,495 per user. 

Sax.net introduced Comm- 
Studio, a set of components and 
visual debugging tools for work- 
ing with remote systems and 
devices. CommStudio, which 
plugs into Visual Studio, costs 
U$999 per seat. 

Versant was demonstrating 
Open Access .NET, an object 
persistence and object-rela- 
tional mapper for .NET appli- 
cations. The software, which 
was to be available in late Feb- 
ruary, will costs US$995 per 
developer; there are no deploy- 
ment fees. 

DROPS OF INK 

A major theme of the VSLive 
conference was the Tablet PC. 
One partner that Microsoft 
spotlighted was Agilix, which 
unveiled InfiNotes, a set of 
.NET note-taking controls that 
plugs into Visual Studio. The 
Standard Edition is available at 
no charge, and lets basic ink 
note-taking features be added 
to Windows Forms applica- 
tions. The US$295 Professional 
Edition can combine ink with 
keyboard entry, and allows 
more sophisticated formatting 
and window controls. 

A competitive product intro- 
duced at VSLive was Blue- 
wirelnk, a .NET component for 
note-taking from Bluewire 
Technologies. The US$100 
SDK allows for multipage 
notes, ink-to-text conversion, 
entering text via either key- 
board or ink, note flags, and an 
integrated toolbar. I 
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■ Learn How to Build Secure Software 

■ Secure the Software on Your Network 

■ Test the Security of Your Software 

■ Understand Software Security Vulnerabilities 

■ Implement a Layered Approach to Application Security 

■ Architect Security Into the Development Life Cycle 




Understanding the Arts 
Of Your Adversary 

James A. Whittaker 

Director of Center for Information 
Assurance, Florida Institute of Technology 

Why do hackers target your company, 
your products or your Web site? This en- 
gaging keynote explains the motivations 
and techniques of your adversaries and, 
more important, sheds light on what you can do about it. 
Software security expert James A. Whittaker will show ac- 
tual attacks and talk broadly about the techniques hackers 
use against Web sites, applications and networks. He will 
address both basic and advanced hacker attacks from 
planning the hack, finding a vulnerability and finally execut- 
ing the exploit. This fact-filled keynote address will set the 
stage for the technical classes to come, by providing a bet- 
ter understanding of your adversaries and how to defend 
against them. 



Visionary Keynotes 

The Case for Secure Software 

Mary Ann Davidson 

Chief Security Officer, Oracle Corp. 

"IT" means more than information tech- 
nology. It also means "infrastructure 
technology," as virtually all providers of 
critical infrastructure have an IT back- 
bone. Your organization's IT must become 
as safe, secure and reliable as physical 
infrastructure — and that requires a cultural revolution 
within our profession, so that IT becomes a discipline, and 
a profession to the same degree as the engineering disci- 
plines that create physical infrastructure. While the cultur- 
al revolution in security needs to be led by the IT industry's 
leading companies, all of us have a vital role to play in 
changing this important dynamic, so that security is a 
baseline requirement for IT products, instead of an after- 
thought. 





Change the Security 
Paradigm or Bust 

Amit Yoran 

Former Cyber Security Chief for Home- 
land Security 

Over the past two decades the Internet 
and those participating on it have let 
their security rely heavily upon an in- 
ternal trust model. This trust concept 
has led to building network security perimeters and an in- 
creasingly complex set of security products to keep mis- 
creants out. Today's rapidly changing computer systems, 
distributed uses and nature of networks as platforms 
have led to a state of almost complete ineffectiveness of 
traditional security approaches. Modern computing envi- 
ronments include distributed users, remote code down- 
load and execution, Web services, XML, RFID, mobile dig- 
ital platforms and dynamic participation on a multitude of 
networks. 
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Faculty Include 



Allen Holub, SD Times Java Watch colum- 
nist; Author of nine programming books 
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MORE UPGRADES 



< continued from page 10 

tivity for Linux and a revised user interface . . . Version 3.0 of Essen- 
tial Suite Enterprise Edition, a set of .NET components from SyncFu- 
sion, adds three new components: Essential HTML Ul is a Windows 
Forms control that supports HTML rendering by exposing HTML ele- 
ments as programmatic elements; Essential PDF is a library that can 
create PDF files; and Essential Calculate is a formula engine that can 
work with, but is not reliant upon, Microsoft Excel . . . Quantum Art 
has released QP7.Framework, a content application server for the 
Web that replaces its previous Q-Publishing 6. New features include a 
graphical content management interface, advanced database struc- 
turing that allows browser linking, full-text searching, an enhanced 
workflow engine, and new code and style libraries. QP7.Framework can 
be licensed and run locally, or run as a hosted service . . . FarPoint 
POHPHH MB Technologies has a new release of Spread for 
KlWlKJ^PW Web Forms ' ' ts spreadsheet component for 
■■■ HHH ASP.NET. Version 2.0 adds cross-sheet referenc- 
ing for formulas, new cell types including a percent cell, more built-in 
functions, and options for customizing the user interface. It also allows 
cells with identical content to be merged automatically. The compo- 
nent costs US$699 or £455 . . . TeaLeaf has updated RealiTea, its 
Web application management system. Version 4.5 adds event analysis 
reports, performance reports, stronger data security and increased 
scalability, according to the company. TeaLeaf is also offering add-ons 
for business health scorecards, data extraction, and customer-service- 
oriented search capabilities . . . Progress Software is offering version 
9.0 of ObjectStore EdgeXtend for C++, its tools for building object- 
oriented data access layers for C++ applications. Version 9.0 includes 
a graphical browser for database schemas and a drag-and-drop inter- 
face, improved performance monitoring and cache synchronization for 
clustered servers . . . 4D has updated its 4th Dimension database. 
Version 2004.1 lets developers use pointers to access local variables, 
show the contents of files or folders in the local file system, set envi- 
ronment variables, and handle SOAP arguments larger than 32K. It 
also has more options for handling timer events and for managing 
database tables and fields . . . Version 7.5 of 
Stellent's Universal Content Management 
server adds a new metadata management mod- 
el designed to let users view metadata fields within an appropriate 
user-role or document status context, as opposed to being based on 
document type. It also has new features for e-mail-based content man- 
agement and working with image and video files . . . The new release 
of Calendar Tools for .NET, a set of components from DBI Technolo- 
gies, includes a new common data structure and presentation host, 
called dbiPIM.dll, and source code that shows how to extend the com- 
ponents to fit into Microsoft's Outlook Object Model. Version 2.0 costs 
US$399 for a developer seat . . . Serena has tightened the integration 
between its TeamTrack request management server and ChangeMan 
ZMF mainframe change management system. TeamTrack for Change- 
Man 6.2 lets developers view, control and sync mainframe changes 
from a Web browser by accessing the TreamTrack server. The update 
also has new features for coordinating software releases between 
related projects . . . Microsoft has begun shipping Visual FoxPro 9. 
The new version improves XML and Web services support, as well as 
new data types that will improve compatibility with Visual Studio .NET 
and SQL Server 2005. Microsoft has stated that Visual FoxPro will 
remain a native 32-bit Windows environment, and will not be ported to 
.NET or to 64-bit Windows ... In early February, Eiffel has renamed 
Envision, its Visual Studio plug-in for the Eiffel language, as Eiffel- 
Vision. The company also announced version 2.5 of the plug-in, saying 
that it has a "new look and feel and many new features," but declined 
to provide any details. 



STELLENT 



PEOPLE 



Database company ANTs Software has given the CEO title to president 
Boyd Pearce. Pearce, who joined ANTs in October 2004, remains pres- 
ident, while the former CEO, Francis Ruotolo, stays on as chairman of 
the board of directors. I 



AOP Moves Out of the Lab 



< continued from page 1 

JBoss. "It is ridiculous to stay in 
the ivory tower and wrap our- 
selves in complexity." 

Instead, it's time to talk about 
the programming problem that 
AOP solves. "The real story is the 
simplification of J2EE develop- 
ment," said Fleury. "AOP is the 
holy grail for middleware 
design," noting that the concept 
is not unique to Java, but is also 
emerging in .NET. 

Instead of scattering code to 
manage concerns, such as 
caching, throughout an appli- 
cation — across meth- 
ods, classes and 
object hierarchies — 
AOP lets developers 
manage that code as a 
separate aspect, which 
is then applied to the 
codebase. 

That approach 
transforms the com- 
plexity of J2EE 
development into 
POJO, said Fleury. 

POJO refers to the 
actual application, 
such as an account or 
customer, not the 
concerns, such as 
security or persis- 
tence, which can be 
applied to applica- 
tions using aspects. 

"Business objects 
remain pure, not 
tainted with other 
stuff," added Adrian 
Colyer, a senior technical staff 
member at IBM's Hursley soft- 
ware development laboratory, 
in Winchester, U.K. 

Separating aspects from 
plain Java objects represents 
what developers are doing with 
AOP today, said Colyer, who for 
his work on AOP last year was 
named one of the top 100 
"young innovators" by the MIT 
Technology Review. 

Although IBM has not for- 
mally implemented AOP capa- 
bilities into its software devel- 
opment platform, developers 
can get a feel for what it's like 
to work with aspects by down- 
loading tools from three IBM- 
led Eclipse projects, including 
AspectJ, AspectJ Develop- 
ment Tools (AJDT) and the 
Concern Manipulation Envi- 
ronment (CME), Colyer said. 

JBoss began taking an AOP 
approach to middleware in 
2000, Fleury said. JBoss AOP, a 
framework for AOP and a 
prepackaged set of aspects that 



can be used in any program- 
ming environment as well as 
with the JBoss application serv- 
er, has been available to devel- 
opers since 2003. (See box, 
"Getting a Handle on AOP") 

Using AOP today is both 
easy and hard, Colyer said. 
"You can read a couple of doc- 
uments and become productive 
pretty quickly. But the implica- 
tions of adopting AOP are pro- 
found. "You have to change the 
way you think about your appli- 
cation." And that process does 
not happen overnight. 



GETTING A HANDLE ON AOP 



Commercial offerings aren't here yet, but a handful of 
open-source projects can help developers get their 
arms around aspect-oriented programming today. 

AspectJ and AspectJ Development Tools (www 
•eclipse.org/aspectj and www.eclipse.org/ajdt): 

IBM-led Eclipse projects that enable clean modular- 
ization of cross-cutting concerns, such as error- 
checking and handling, monitoring and logging. 

AspectSharp (www.sourceforge.net/projects 
/aspectsharp): Another AOP framework for .NET 
developers. 

Concern Manipulation Environment (www.eclipse.org 

/erne): An IBM-led Eclipse project that offers a 
suite of tools creating aspect-oriented software. 

JBoss AOP (www.jboss.com/products/aop): JBoss 
framework and prepackaged aspects that can be 
used with or without the JBoss application server. 

LOOM.NET (www.dcl.hpi.uni-potsdam.de/research 
/loom): AOP for .NET developers. 



MICROSOFT AND AOP? 

Aspect-oriented concepts also 
exist in Microsoft C#, noted 
Fleury. But Microsoft appears 
reluctant to embrace the term 
AOP, and the company declined 
requests to discuss how such 
concepts are likely to show up in 
its development tools. 

Tom Barnaby, an instructor 
and architect at St. Paul, 
Minn. -based .NET consulting 
company Intertech, explained 
Microsoft's approach goes 
"about 75 percent of the way" 
to AOP. 

"There is a notion in C#, 
known as attributes — essen- 
tially tags applied to entities in 
source code in order to speci- 
fy additional information — 
which has an aspect-like feel 
to it," Barnaby said. It is an 
aspect-like way of thinking 
that developers can use to 
implement an AOP frame- 
work in .NET, he said. 

Barnaby said he believes 
Microsoft will embrace 



aspect-like concepts even fur- 
ther. But he does not believe 
the company will adopt the 
term AOP. 

He predicts that Microsoft 
won't introduce aspect-like 
features in its own develop- 
ment platform until it can do 
so in a way that overcomes 
what it sees as a key limitation 
of Java implementations of 
AOP, such as AspectJ. 

"One thing Microsoft 
doesn't like about the AspectJ 
approach is that it is too easy 
to introduce unintended side 
effects," he said. 
"When you define 
an aspect, you may 
think it will be 
applied only to cer- 
tain methods, but 
in fact it may also 
be applied to other 
methods you don't 
know about." 

In order for AOP 
to move in the main- 
stream, "you have 
to be able to see 
what you are affect- 
ing," said Barnaby. 
"You need a visual 
rendition of where 
aspects have been 
applied." 

Whatever you call 
it, AOP is a way of 
thinking, which is 
expected to have a 
profound impact on 
future software de- 
velopment. 

"The concept was apparent 
in computer-aided design and 
computer-aided manufactur- 
ing 20 years ago," said Andy 
Roberts, chief technology offi- 
cer at Bowstreet, a Tewksbury, 
Mass. -based software compa- 
ny that sells the Portlet Facto- 
ry, a Java development envi- 
ronment that is based on AOP 
techniques. 

"CAD/CAM tools became 
powerful when they let engi- 
neers use aspects to add a fea- 
ture, such as a staircase, across 
a program over and over again." 
If you created a template to do 
that, it wouldn't work, because 
there are too many specific 
requirements around each 
staircase. 

"But aspects let you do that," 
he said. 

"It's really about simplifying 
the programming model," 
added Fleury. "AOP is here to 
stay, and it will be deeply 
impactful for developers." I 
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Sybase Building RFID From the Ground Up 

iAnywhere launches radio frequency tools targeting Windows XP Embedded devices 



BY EDWARD J. CORREIA 

Sybase is getting into radio. The 
company told SD Times it plans 
this summer to release tools that 
permit enterprise developers to 
build supply-chain tracking sys- 
tems using radio frequency iden- 
tification technology (RFID) to 
interface with new or existing 
business activity and process 
monitoring systems. 

Laying the groundwork for 
that plan is embedded division 
iAnywhere, which in mid-Feb- 
ruary unveiled RFID Any- 
where, a set of middleware and 
development tools to RFID- 
enable, control and monitor all 
manner of warehouse devices 
running Windows XP Embed- 
ded, and integrate their data 
with back-end enterprise sys- 
tems. The software was set for 
release at the end of March. 

According to Chris Foley, 
iAnywhere s director of RFID, a 
US$30,000 starter kit will 
include client software for a vari- 
ety of devices along with corre- 
sponding device connectors and 
controllers. It also will ship with 
several plug-ins for Visual Studio 
.NET, including a wizard for 
building C# business logic shells 
and an RFID simulator, and will 
permit developers to set break- 
points in code wherever it inter- 
acts with the physical RFID 
environment. It also can cope 
with the multitude of electronic 
product code (EPC) tags. 

Foley said that a modular 
architecture keeps the software 
from becoming obsolete as the 
specifications defining the RFID 
standard evolve. "We plug into 



other applications and talk com- 
mon protocols," he said, adding 
that by abstracting the connec- 
tion layer, new connectors can be 
added relatively quickly. 

The connector layer also sim- 
plifies development, Foley said. 
"[The developer] doesn't have to 
care. He just adds business logic 
on top and calls devices by plain 
English names, not from 'reader 
0078' and 'antenna 0072.'" Busi- 
ness logic can be spread across 
any number of machines and 
machine types. 

According to iAnywhere's 
senior director of marketing 
Steve Robb, the middleware 
architecture also is modular, 
opening the door to integration 
and management with not only 
Sybase's Wireless Orchestrator, 
but also with solutions such as 
Microsoft's BizTalk server. 

RADIO ENTERPRISE 

Foley spoke of the tools yet to 
come. "This is part of a larger, 
wrap-around offering where we 
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RFID Anywhere features a browser-based interface for managing devices. 



get into full-blown, drag-and- 
drop BAM and BPM process 
integration [in which] an RFID 
tag read might spawn a reorder 
transaction in a purchase order 
system or the movement of 
goods from one warehouse to 
another." 

He said the iAnywhere vision 
includes capabilities you don't 



find in other middleware. "At the 
top layer of the RFID middle- 
ware, we give you an option of 
creating business [logic] either 
through JMS, SOAP or other 
common protocols, or using a 
nonprogramming option. This is 
where we expose everything that 
would normally be exposed at 
the connector layer to a business 



module as a Web service. We 
expose the WSDL and let Web 
service-enabled databases and 
applications interact with our 
layer without any programming." 
Transactions can be synchronous 
or asynchronous, he added. 

Foley claimed competitive 
superiority over solutions from 
OAT Systems and GlobeRanger, 
because of iAnywhere's experi- 
ence coping with intermittent 
connectivity. "We're leveraging 
our heritage, not just bolting 
products together. For instance, 
when you get into remote con- 
nections where you have to put 
reader infrastructure and they've 
got flaky connections, it's very 
important to guarantee that 
interactions can still take place 
when that WAN connection is 
down and that the tag data is 
delivered to the back end when 
the connection is reestablished." 
To that end, he said iAnywhere 
eventually will be weaving in its 
Queue Anywhere and SQL Any- 
where tools and technologies. I 



GoBinder, Content Tool Graduates to the Enterprise 



BY EDWARD J. CORREIA 

GoBinder began life as an 
application for Windows XP 
and Tablet PC to help college 
students organize course cur- 
ricula and the myriad tasks that 
accompany higher education. 
At February's VSLive Confer- 
ence in San Francisco, creator 
Agilix Labs demonstrated Go- 
Binder SDK, a .NET plug-in 
that it says allows enterprise 
developers to customize the 



software for use in a variety of 
document and content manage- 
ment applications. 

Agilix president and CEO 
Curt Allen described how 
Nationwide Insurance is using 
the GoBinder beta in a pilot pro- 
ject to help reduce approval 
times. "A 100-page printed pro- 
posal might sit in someone's 
inbox for days waiting for a sig- 
nature. Then it waits for the next 
guy to get back from his trip, and 



the next." Nationwide, he said, 
was measuring turnaround in 
terms of months. "With GoB- 
inder, the same documents can 
be sent electronically to all peo- 
ple at the same time, who can 
then annotate and return them 
more quickly. Nationwide 
reduced their approval process 
to 24 to 48 hours." GoBinder 
costs US$79 per mobile seat; 
general availability is set for this 
year. SDK pricing has not been 



HanDBase Stands Alone on Windows 

ODBC data sources. 

With the stand-alone capa- 
bility comes the disappearance 
of what Haupert said was a 
problem for certain applica- 

n 



BY EDWARD J. CORREIA 

Don't worry, the secret is safe. 
Developers using HanDBase, 
the code-free relational data- 
base development system from 
DDH Software, will now be 
able to create stand-alone Win- 
dows executables that do not 
require a separate HanDBase 
application to run. HanDBase 
Online Runtime Builder 1.0, 
released in late January, also 
lets developers upload and 
compile Windows databases 
through a browser. 

"Developers are really happy 
not to have to break the secrecy 
that they were using a runtime," 
said DDH president David 



Haupert of the new feature. 
The tool, which starts at 
US$39.95 per developer, had 
already enabled developers to 
target Palm OS and Pocket PC 
with stand-alone apps; a Win- 
dows component permits users 
to edit and synchronize data- 
base data without knowing of an 
underlying runtime engine. "It 
looks like you created it yourself 
and it's your own application. It 
doesn't look like HanDBase 
anymore." A license for unlimit- 
ed Windows runtimes costs 
$299, $599 for Palm OS or 
Pocket PC, or $999 for all three. 
A $99 enterprise edition of the 
development tool connects with 



L 




Developers like to hide their use of 
a runtime, says DDH's Haupert. 



tions. "Some schools and busi- 
nesses don't want users doing 
more than what they are given. 
This limits them so they can 
only open the databases that 
are part of your package." 

Haupert described the expe- 
rience of compiling applications 
online: "Instead of downloading 
a compiler, you fill out an 
online form and it creates a zip 
file with a compiled app," a sin- 
gle file for Palm OS and an exe 
and dll for Windows. "You're 
building it once, and at the end 
you choose whether you want 
to build for Palm, Pocket PC, 
desktop or all three." 

The average footprint for a 
Palm OS or Pocket PC app is 
about 450KB, he said, and 
about 1.5MB for Windows. I 



announced. 

The modular software allows 
developers to modify or add to 
user interfaces, database back- 
end systems, synchronization and 
data sources, including Microsoft 
Exchange, SOAP, XML-over- 
HTTP, ODBC, JDBC and RSS. 

While similar applications 
could be built using solutions 
from companies such as iAny- 
where, "we store rich objects 
and offer full-text indexing. 
That does not exist in SQL solu- 
tions," claimed Mark Calkins, 
vice president of platform mar- 
keting at Agilix. He admitted, 
however, that for applications 
involving strictly relational data, 
Sybase's solution might be bet- 
ter. "We're best for applications 
with large amounts of rich data 
that changes regularly." 

TAKE NOTE 

Agilix also released InfiNotes, a 
.NET component that offers 
developers a set of controls for 
adding note-taking capabilities 
to any .NET application. 
InfiNotes allows any applica- 
tion to be notes-enabled with 
full-text indexing and searching 
of digital ink and text, Allen 
said. InfiNotes costs $995 per 
developer with no royalties. I 
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Trolltech's GUI on UMTS/EDGE Reference Design 



BY EDWARD J. CORREIA 

Linux GUI developer Trolltech 
has teamed up with Samsung 
Electronics and chip-maker 
Infineon Technologies to pro- 
duce a reference design for a 
media-sawy smartphone that 



the companies claim is the first 
Linux-compatible design to be 
based on UMTS/EDGE, an 
emerging broadband technolo- 
gy standard for GSM networks. 
The board was unveiled on 
Feb. 14 at the 3GSM World 



Congress in Cannes, France. 

Short for the Universal 
Mobile Telecommunications 
System, UMTS, when com- 
bined with Enhanced Data 
Rates for Global Evolution 
(EDGE), reportedly increases 



cellphone bandwidth to the 
point of practicality for capabil- 
ities such as video calling and 
streaming, MP3, MPEG-4 and 
H.262 multimedia applications, 
and fast Web browsing. 

Pricing and availability were 
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not disclosed on the reference 
platform, which is built around 
Samsung's S3C24A0 16/32-bit 
RISC system-on-chip with 
MMU and hardware MPEG 
encoder/decoder, LCD con- 
troller and camera interface, and 
Infineon's MP-U UMTS/EDGE 
modem platform and communi- 
cations protocol stack. The kit 
will be bundled with a Linux 
kernel developed by Samsung, 
drivers certified by MontaVista, 
Trolltech's Qtopia GUI and 
application platform, and audio 
and video applications from 
Emuzed, a Freemont, Calif. - 
based company founded in 1999 
by MPEG-industry leaders. 

"Qtopia is the face of Linux 
on mobile phones," said Troll- 
tech CEO Haavard Nord, "and 
[we are] pleased to collaborate 
with this group of industry 
leaders." I 

Solidcore Closes 
Open Systems 

BY EDWARD J. CORREIA 

Security software vendor Solid- 
core Systems on March 1 was 
set to release Solidcore Embed- 
ded Solution, a system that 
locks down Linux, Solaris and 
Windows devices, protecting 
them from compromise by 
unauthorized software installa- 
tion or malicious attack. 

According to vice president 
of marketing Rix Kramlich, the 
solution works by identifying 
executable code on an embed- 
ded system prior to device 
deployment and publishing it as 
a so-called white list, a list of 
code authorized to run. "Code 
introduced later that's not on 
the white list will not run," he 
said. A second mechanism pre- 
vents infiltration through pro- 
cesses within approved apps. 
"Approved code talks to the 
operating system in a unique 
way so that unapproved code 
cannot operate." Pricing is vol- 
ume-dependent, and negotiat- 
ed individually. 

Kramlich said the solution, 
which occupies less than 1MB 
of device memory, also is mini- 
mally invasive in terms of 
processor cycles. "We do all our 
work up front, so when the sys- 
tem goes into production, we 
don't suck cycles out of the sys- 
tem because we're not doing 
anything in the data path." Sys- 
tem overhead is less than .02 
percent, he claimed. I 
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Change For 
The Sake Of 





Change 
Management 

As businesses feel pressures of distributed development 
and regulatory compliance, they need more visibility into 
and control of changes from development to deployment 




BY DAVID RUBINSTEIN 



There has been a sea change in the 
change management market, as 
many providers of point solutions 
now embrace an "application life 
cycle" approach to managing 
enterprise applications, from inception 
to implementation. 

The change has been evolutionary, so 
it's impossible to pinpoint the exact 
moment the market shifted. However, 
most of the software vendors inter- 
viewed for this article agree there were 
three forces that came into play to drive 
them from their place in the source code 
control market into a broader field: the 
complexity of distributed development, 
regulatory compliance and CIO 
accountability to the business. 

And as various vertical industries 
cope with those forces and their effect 
on application development, companies 
are finding that more than ever, they 
need the ability to trace, audit and con- 
trol actions through the life cycle. 

"The life cycle has become a continu- 
ous loop of patches and changes to 
deployed applications," said James 
Rogers, vice president of product mar- 



keting at Serena Software, which several 
application life cycle management and 
software configuration management 
tools. "In the evolution from SCM to 
ALM, the secret sauce is process." 

IT'S ABOUT PROCESS 

Companies need mastery and control 
over their development processes, and 
they must be able to demonstrate they 
are complying with those processes, 
according to Dominic Tavassoli, product 
marketing manager for change manage- 
ment applications at Telelogic. "We're 
getting to a point, kind of a Darwinian 
reaction, where the boards of directors 
realize it's survival of the fittest. They 
need a process improvement initiative to 
stay competitive." 

The move to automating processes 
with computers has resulted in more 
productivity, but another result has 
been the heightened pace of changes, 
which also now impact the broad 
business. "It used to be that changes 
were compartmentalized," said Ed 
Roberto, president of Newmerix, 
which sells change management tools 



for packaged applications. "Now the 
changes have become more complex, 
and that has ripple effects throughout 
the system." 

According to Bill Phelan, vice presi- 
dent in charge of the Rational team 



Business Change ,- 
Processes. ■ 



products at IBM, process was some- 
thing companies historically did not 
want to speak about. "For years, 
process has been a four-letter word," he 
said. "When you talk about it as 
► continued on page 34 
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Change management has become but one slice of application life cycle management, accord- 
ing to Gartner. 
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Change Management Undergoes a Sea Change 



with the benefit of integration buy-in is the fact that this is the 

automation, or life cycle guid- and automation, otherwise first generation of software 

ance — moving things from one you're simply imposing a new development managers who 

stage to another — then it has a way to work on organizations have grown up with CM tools, 

strong place." But he noted and you'll face resistance. said Rick Riccetti, CEO of 

that process has got to come One thing that will help with Seapine, another player in the 



market. "If you're used to using 
it as a programmer, you'll use it 
as a manager." 

With the advent of service- 
oriented architectures, the 
need for control has become 
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even greater, said Ken Bar- 
rette, product manager at 
Quest Software. "With more 
and more applications being 
created as a composite, you 
might not have direct control 
over some of the components. 
The need to be aware of 
changes to those assets and 
assess the impact is fundamen- 
tally different from creating the 
entire application in-house." 

Yet code management is sim- 
ply one part of the development 
process, according to Carl 
Theobold, a vice president at 
Serena. "SCM tools solve some 
problems, but don't scale from 
requirements to production. 
You need a coordinated effort in 
the life cycle. The quality bar is 
rising. There is a frustration with 
customers over software that 
isn't high quality." To serve that, 
more things in the life cycle 
need to be done in a repeatable, 
predictable way, with less ad hoc 
efforts under way. Traditionally, 
Theobold said, businesses had a 
lot of trust in their software 
developers. "That," he said, "is 
going away." 

Newmerix's Roberto sees a 
marriage of professional disci- 
plines — a view also taken by 
IBM's Philbin, who said his com- 
pany also is addressing the life 
cycle in terms of roles, not job 
positions. "The person who used 
to be called a programmer/ana- 
lyst now does development, test- 
ing and perhaps even training," 
Philbin said. "When customers 
purchase products, they're really 
purchasing roles. And the roles 
are getting blurred." 

DISTRIBUTED DEVELOPMENT 

With people in different parts 
of the country or even around 
the world working on the 
same projects with increasing 
regularity, the need to control 
the development process has 
increased. "A developer wants 
to check out a file, change it, 
and fix it," said Perforce 
founder and CTO Chris Sei- 
wald. "The SCM system is right 
in the middle of your work, 
between the editor and compil- 
er. People are getting to be 
more religious about their 
SCM systems than their oper- 
ating system." 

Companies need to be able 

to give their developers, no 

matter where they are located, 

a little documentation and 

► continued on page 36 
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ALM, SCM and the Future 



What's next in the evolution of the 
development process? Some of the lead- 
ing vendors offer their thoughts. 

"Where people want to go is to rede- 
fine what impact analysis means. There 
are tools that do cost analysis from an 
abstract level. They're just financial exer- 
cises. In an IT environment, where fluc- 
tuations occur by the hour, there's a need 
to see the real impact of change to assess 
the value of the change." 

— Ken Barrette, Quest Software 

"Once everyone has bought into the 
notion that a platform is necessary, I 
think you'll see more roles added in that 
don't have a good point solution, such as 
portfolio management, and operations 
and deployment." 

— Rob Cheng, Borland 

"People will want to be able to get 
more out of the data. You'll see manage- 
ment consoles for development, with 
visualizations of what's happening in the 
process. Development shops will 
become more self-aware, to get smarter 
as an organization without the manual 
work that's required now." 

— Susan Emery, Borland StarTeam 

"We see a tighter integration with pro- 
ject management and test management 
tools within product life cycle manage- 
ment. We're integrating our system and 



software solutions into product life cycle 
management, bringing it into develop- 
ment teams in the arenas of mechanical, 
electrical and electronic engineering." 

— Andy Gurd, Telelogic 

"The next logical place is closing the 

loop — what happens to the app after it's 



deployed. Real-time production moni- 
toring alerts... close the loop. You need 
the real-time data feed to see what's 
going on, diagnose it and fix it to ensure 
it's adjusted for the next time the appli- 
cation is deployed." 

— Bill Philbin, IBM Rational 



"In the next three to four years, 
organizations will be looking for solu- 
tions that provide executive visibility 
into development and deployment. 
After better process come control and 
visibility. Then, the next thing will be 
traceability of costs, as companies will 
add financials in so businesses can mea- 
sure the costs of all activities in their 
life cycle." 

— Carl Theobold, Serena 



THIRD PARTY TOOLBOX 



The following describes the functionality built into some products 
from a selection of application life cycle management vendors: 



BORLAND 

Core:: Analyst 

Core::Architect 

Core::Developer 



Core::Tester 



requirements, use case and activity diagrams 

modeling, metrics 

change requests, test cases, source code control, development, 

defect tracking, unit testing, up-to-date requirements, 

version control 

functional testing and compliance 



TELELOGIC 




DOORS 


requirements management 


TAU 


modeling, development, testing 


SYNERGY 


change and configuration management, version control 


SEAPINE 




TestTrack Pro 


defect tracking 


Surround SCM 


code configuration management, version control, 




change management 


OA Wizard 


automated functional testing, regression testing 



IBM RATIONAL 

RequisitePro requirements management 

ProjectConsole project management 

ClearCase configuration management, version control 

ClearOuest process management 

TestManager testing activity management 

Rose XDE modeling 



MICROSOFT 

Visual SourceSafe 
Visual Studio 2005* 
Team Architect Edition 
Team Developer Edition 

Team Test Edition 



source code and version control 

application, infrastructure and deployment modeling 
dynamic and static code analysis, profiler, code coverage, 
unit testing 

load and manual testing, test case management, 
unit testing,code coverage 

*Visual Studio Team System not yet available 



MKS 




Integrity Manager 


change management, defect tracking 


Source Integrity 


code configuration management, version control 


Enterprise 




Requirements 


requirements management 


Build & Deployment 


build management 



SERENA 

RTM 

TeamTrack 

ChangeMan Dimensions 
ChangeMan DS 
ChangeMan ZMF 



requirements management 

process management 

configuration management, version control, build 

change management, distributed systems 

change management, mainframes 



Note: MKS and Serena products offer testing capabilities through integration with 
tools from Mercury. 
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Visibility, Control Force Change Management to 



4 continued from page 34 

guidance from their develop- 
ment managers, and then they 
can do their job the right way, 
he said. 

What distributed develop- 
ment has created a require- 
ment for is traceability, accord- 
ing to Serena s Rogers. "Change 
management was really asset 
management of the code, and 
coordination of changes with 
developers and QA. It was for 
small teams. Now, almost every 
individual needs traceability, 
auditability and control." 

Serena's Theobold added 
that with more work being done 
in a distributed manner, "the 
demands on visibility are 
greater" for development man- 
agers. "It can be difficult to gain 
that visibility." Telelogics Andy 
Gurd noted that tool suites can 
provide visibility for the various 
stakeholders in a project with- 
out requiring them to toggle 
between tools to get what they 
need. "That's what makes these 
suites more enterprise-centric 
than the point solutions aimed 
at developers." 

As software projects get 
larger and teams are more 
spread out, control is essential, 
said Seapine's Riccetti. This 
control is what is helping soft- 
ware engineering as a disci- 
pline mature beyond some 
crazy art. "All these people are 
trying to share files and man- 
age change," he said. "To man- 
age this, you need a complete 
history of what occurred 
beyond version control. Why 
did it change, who changed it, 
and who reported the issue? 
You need to track it back, to 
get a history of the issue and 
the change all linked together 
to flow the information 
through the organization." 

REGULATORY COMPLIANCE 

With Sarbanes-Oxley, HIPAA 
and other federal or industry- 
wide rules come the need for 
traceability and accountability. 
Companies not only have to 
respond to changes in the 
organization, but now must 
document the steps they took 
to ensure privacy or that they 
are meeting the new imposed 
standards. 

"People are being asked to 
prove they have control of their 
environments," said Rob War- 
mack, senior director of product 
strategy for Tripwire, a company 



that sells solutions to manage 
change in deployed applica- 
tions. "A control framework is 
where a lot of these tools are 
driving. You need change audit- 
ing standards built in. 



"Compliance is here to say 
and will only increase," he 
added. "Process integration will 
have to be automated and 
inherent in any framework. This 
way, you inspect the counting 



machines and not the beans." 

MKS, which has built out its 
own life-cycle management 
solution, also is looking at the 
area of dealing with changes to 
deployed applications. "We'll 



be supporting the [IT Infra- 
structure Library] processes for 
system failures," said Dave 
Martin, vice president of prod- 
uct management. "There's a 
whole industry springing up 
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Change 



around it. This will help ensure 
a consistent set of practices for 
managing the system infra- 
structure, and this is a good fit 
with the software life cycle." 
Compliance also is driving 



the need for managing change 
in the production environment. 
"People are being asked to 
prove they have control" of the 
environment, said Rob Warma- 
ck, senior director of product 
strategy at Tripwire. "Once a 
change is approved, tested and 
released, how do you know the 
state of the application is in the 



right place?" 

Warmack said this will lead 
to the notion of third-party val- 
idation as a complement to 
SCM tools. "They don't touch 
the infrastructure," he said of 
the application change man- 
agement tools, "and we can't 
show exactly what changed. 
We can say the infrastructure 



is intact, and there is no varia- 
tion in the application. The 
question is, 'Should the appli- 
cation have changed? Was it 
affected by change or not?' 
That's where third-party vali- 
dation comes in." 

Further, Warmack believes 
process integration will have to 
be automated and inherent in 
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any application management 
framework. "You must have 
controls in place," he said. 
"This way, you inspect the 
counting machines and not the 
beans. You should be able to 
check the controls and not the 
changes. Change management 
is driving from efficiency 
toward excellence." 

VIEW FROM C-LEVEL 

Enterprise development shops 
are notorious for having multi- 
ple silos that have formed over 
time, each holding bits of data 
that are difficult to access and 
share between roles and 
departments. But the need for 
business executives to gain visi- 
bility into and control over the 
development process as one of 
several business processes has 
led to the creation of these life 
cycle platforms, according to 
Susan Emery, product manager 
for Borland's StarTeam tools. 
"In a development environ- 
ment, you need to trace items 
from the requirements stage 
and manage the change across 
the silos of roles," she said. 
Allowing automatic communi- 
cation between roles in the 
tools lowers the walls that build 
up between them, she added. 

"Change management always 
inherently involved source code 
control," said Eric Lee, a prod- 
uct manager for Microsoft's 
Visual Studio Team System. 
"Now we're [seeing companies] 
trying to involve the business 
decision-makers. Change man- 
agement is becoming more 
encompassing." 

The company, Lee said, is 
hoping to see the same sort of 
cottage industry spring up 
around Team System that was 
created around Visual Basic. 
"We've spent a lot of time 
developing the low-level infra- 
structure and engines so part- 
ners can build on it." 

This will help build out the 
broader life cycle management 
solutions, according to Bor- 
land's Rob Cheng, director of 
product marketing. "In the 
past, there was nowhere to put 
a lot of capability for portfolio 
management, for example, 
because it wasn't specific to 
one tool in a point product. 
Just as the J2EE servlet con- 
tainers and app servers have 
given way to broader plat- 
forms, with such things as por- 
tals now added in, we're seeing 
the same economies of scale in 
the application life cycle man- 
agement market, and the same 
advantages to integration." I 
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Three Legs to Change Management 

But when it comes to tools, integration is the suite spot 

BY DAVID Rubinstein source code management and others talk about process and the same place. That's the belief 

Vendors come at the problem version control, while others control systems. of Gartner analyst Jim Duggan, 

of life-cycle management from tout the benefits of scanning It appears, though, that ulti- who said it will take years and a 

their strengths. Some advocate deployed applications and still mately, they all could end up in lot of hard work, but that in the 




end, it will be a handful of large 
vendors who can offer end-to- 
end change management. 

Duggan cited three legs to 
change management — applica- 
tion development, service desk, 
and operations. Where once 
those legs were independent, he 
said, today there is better inte- 
gration within each of the legs, 
especially application develop- 
ment, where tools for require- 
ments management, defect 
tracking and debugging, testing 
and change management are 
rolling up into unified platforms. 

On the operations side, he 
said, there is a notion of a con- 
figuration management data- 
base that will include such 
things as network and patch 
management and hardware 
configuration. "But until we get 
five years out, I don't see the 
three legs getting tied together 
easily," Duggan said. 

In the application develop- 
ment space, in fact, the com- 
moditization of these tools 
already has begun. Five years 
out, Duggan pointed out, virtu- 
ally all the requirements man- 
agement tools were indepen- 
dent. Today, RTM is part of 
Serena, DOORS is part of Tele- 
logic, Requisite is part of IBM 
and Caliber is part of Borland. 

Another vendor, SteelTrace, 
has a working arrangement 
with Compuware, Duggan said, 
while MKS is building its own 
product. "We'll see test adminis- 
tration following down the same 
path," Duggan said, citing the 
fact Mercury already wraps its 
IT Governance Suite, acquired 
from Kintana, around TestDi- 
rector. Debuggers, he noted, are 
landing either in IDE s or in low- 
level testing tools. 

As this integration continues, 
the question arises: Can vendors 
of point solutions survive? 

Duggan thinks it will be 
hard for point-solution vendors 
to remain competitive unless 
they really can sell themselves 
on their differentiators. "In so 
many cases, the suite is so much 
better than the average of the 
[point solutions]." 

However, Chris Seiwald, 
founder and CTO at Perforce, 
said the suite-vs. -point solution is 
a pendulum that swings back and 
forth. "We're still quite a ways 
away from a single solution," he 
said. Rick Riccetti, CEO of 
Seapine, agrees there is room for 
point solutions, so long as the 
integrations provide the capabil- 
ity users want in a management 
system. "There's no 'one-size- 
fits-alP in this," he said. I 
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EDITORIALS 

Aspects of An 
Enterprise Solution 

The constraint-based development model called 
aspect-oriented programming, or AOP, has been dis- 
cussed and evolved since AspectJ, an extension to Java, 
was created at Xeon Pare in the late 1990s. With the 
transfer of AspectJ to the Eclipse Foundation in late 
2002, and the launch of a variety of AOP projects, the 
programming paradigm started gaining traction. 

Yet so far, AOP remains a niche paradigm, despite the 
popularity of AspectJ and of JBoss' creation of an AOP 
framework. When you go outside of the Java universe, 
you'll find few aspect projects for C++ and .NET. Even 
within the Java camp, there's been little impact on the 
software development community. 

That is a shame. Aspect-oriented programming offers 
the promise to reduce the complexity of large-scale appli- 
cations by separating common elements, called concerns, 
out from the business logic of the applications. Modules 
containing these common concerns can be written, test- 
ed, refactored and secured independently of the underly- 
ing application code. 

Is aspect-oriented programming as big a paradigm shift 
as, say, object-oriented programming? No. Rather, it's a log- 
ical extension to the OOP programming model. If concerns 
can be efficiently encapsulated in AOP modules, and then 
woven back into the application during the build process, 
the app code can be simplified, and developed at less cost. 

There are challenges ahead of AOP. Advocates need to 
demonstrate that it can scale to large enterprise projects, 
and that quality assurance won't be a problem for applica- 
tions built using this paradigm. Also, AOP needs to extend 
into the core managed runtime platforms, including J2EE 
and .NET, rather than be based on add-on frameworks. 

None of these challenges is insuperable. 

Smart Clients: Here We Go Again 

A theme of last month's VSLive conference was smart- 
client computing: developing ASP.NET server appli- 
cations that can run in a browser if necessary, but which 
can detect and leverage the capabilities of a rich client's 
graphical capabilities and .NET Framework runtime. 

This continues a theme Microsoft has promoted for 
years: that developers should build Web applications that 
run best on Windows clients, and which depend on push- 
ing executable code from the Web server down to the Win- 
dows client. Whether it's rich browser applications that use 
ActiveX controls, or these new smart clients that deploy 
local Windows Forms code, the underlying concept is the 
same, even if some of the technical details differ. 

But behind the technology, this vision is Microsoft's lat- 
est attempt to maintain its Windows XP monopoly by 
encouraging the development of Web sites that are, by 
definition, only optimal if viewed on a modern, .NET- 
equipped Windows desktop or notebook. 

Also, by basing its smart Web experience on down- 
loadable executables — which can be updated without the 
end user's knowledge — Microsoft is also likely to intro- 
duce yet another security flaw into the Internet and 
enterprise networks. 

Microsoft is certainly predictable and consistent in its 
attempts to dominate the Web. We're not surprised. I 



The Software Industry Is Too Reactive 



A quick glance at the soft- 
ware news lately should 
make you wonder why software 
vendors can't develop secure 
software code. CERT has stat- 
ed that more than 90 percent of 
software security vulnerabilities 
are caused by known software 
defect types, and most software 
vulnerabilities arise from com- 
mon causes: The top 10 causes 
account for about 75 percent of 
all vulnerabilities. 

The software industry needs 
to be more proactive. The 
numerous patches Microsoft 
must roll out create a headache 
for IT managers everywhere as 
they try to adhere to compliance 
deadlines. While worms and 
viruses disrupt business opera- 
tions, current software patching 
solutions struggle to keep up 
with the attacks. In order to 
achieve a breakthrough in this 
arms race, the software industry 
should focus more on the root 
causes of insecure software by 
making their software source 
code resilient to these attacks in 
the first place. 

The challenge for software 
vendors is that the pressure to 
write more secure software 
conflicts with the pressure to 
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reduce operational costs. There 
is an expectation that any new 
development strategies shall be 
applicable across geographical- 
ly distributed teams, work can 
and should be offshored when 
appropriate, and commercial 
off-the-shelf components can 
be embraced. 

The software in- 
dustry is on the verge 
of a new era where 
cost control is para- 
mount and high levels 
of both security and 
quality become a 
"standard feature" of 
any commercial soft- 
ware. To be successful 
in the new era, software organi- 
zations need to understand that 
development processes are the 
key to any software security 
strategy. 

LATEST QUALITY IMPERATIVE 

The fact is that all software has 
bugs, and unfortunately, a sur- 
prising number of these bugs 
have security implications. In 
addition, as new attacks are 
being invented, software behav- 
ior that could have been consid- 
ered correct when a piece of 
software was written may have 
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unintended effects when delib- 
erately exploited. Since hackers 
are trying to break into a system 
at every level of the application 
stack, heap or registry, it's criti- 
cal to understand the security 
implications of programming 
decisions in order to keep soft- 
ware secure. 

When security 
vulnerabilities in a 
vendor's software are 
exploited, significant 
costs are faced by the 
vendor and its soft- 
ware users, which 
can be costly and 
damaging to the 
company's reputa- 
tion. The sooner these (or any) 
defects are found and corrected 
in a company's source code, the 
less costly they are to fix. 

Typically, the current 
approach to addressing this 
issue involves issuing a public 
advisory when a major new soft- 
ware vulnerability is discovered; 
this is common with many of the 
widely deployed applications or 
systems, such as Windows or 
Internet Explorer. Once veri- 
fied, the corresponding security 
bugs are added to a security 
watch list, and patches are ere- 
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PLAN TO TEST 

The problem with testing is 
more than just the when and 
how that you covered ["Making 
Testing 'Suck' Less," Feb 1, 
page 34]. It is a basic business 
plan model. If those that make 
software are truly interested in 
creating a quality product that 
meets specs and is on time, 
QA/testing should be involved 
from the day system architec- 
ture begins. The QA team needs 
a representative on each project 
as it evolves. Developers think 
inside their own bubble. That is 
not a fault; typically it is a plus. 
QA/testers are forward thinking. 
They see what happens next, 
before it happens. 

QA often sees potential user 
problems that developers can't 
see and problems the specs fail 
to address. This cuts coding time 
drastically when the developers 
fix what is broken before it even 
breaks. A big part of the prob- 
lem is the "us vs. them" mentali- 
ty between testing and program- 
ming. The companies that 
eliminate this battle will break 



out in front; the others will have 
to follow suit to keep up. 

Julie Yack 

VP, Colorado Technology 

Consultants 

TRAINING DEVELOPERS 

I thoroughly enjoyed David 
Rubinstein's recent column "The 
Importance of Training" [Jan. 15, 
page 34] and feel that his 
remarks were right on track with 
what we are seeing in the indus- 
try. As the director of marketing 
for the leading IT training video 
company, we speak with hun- 
dreds of workers every month 
who are seeking to improve their 
skills and knowledge. 

It is quite common to see 
large investments in training on 
the network and server adminis- 
tration side of IT, but we find 
that the software development 
side has been almost training 
averse, making his message very 
appropriate to your audience. 
Note the number of certified 
MCSEs versus the number of 
people with an MCSD, yet the 
overall number of software 



developers worldwide is equal 
to or beyond the number of sys- 
tems administrators. 

Much of that disproportion 
can be attributed to Microsoft's 
domination of the server OS 
market, versus numerous popu- 
lar software development plat- 
forms; however, it does not 
explain why someone wanting to 
learn about Cisco switches is 
more likely to go to a class or buy 
a training video, while the person 
wanting to learn Java borrows a 
friend's third-party book and 
attempts to learn it on their own. 

I feel that regular attention 
to the subject of training and 
reviewing various learning tools 
would go a long way toward 
bringing the importance of 
training to the forefront. 

We currently have training 
for MCAD and MCSD certifi- 
cations focusing on XML, 
VB.NET and SQL, as well as 
videos for Java and the SCJP 
certification. Additionally, we 
are now working on an "On the 
Job Training" video series, fea- 
turing projects that build skills 
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ated. This type of open collabo- 
ration is a positive step and has 
enhanced software security — or 
at least awareness of the prob- 
lem — to a certain extent. 

The obvious limitation with 
this approach is that all of these 
events take place after the soft- 
ware has been deployed, when 
the cost of repair is highest and 
the risk of brand damage great- 
est. As a result, there is a grow- 
ing consensus in the industry 
to implement strategies that 
address software security 
before applications are ever 
deployed. In order to do this, 
development organizations are 
zeroing in on the largest single 
source of security vulnerabili- 
ties: implementation (or cod- 
ing) defects. In other words, 
software security has become 
the latest software quality 
imperative. 

When software managers 
are told that security is becom- 
ing a software quality issue, the 
immediate reaction is to consult 
the "quality team" — i.e., the 
testing team. Unfortunately, 
when it comes to addressing 
software security, many tradi- 
tional testing approaches used 
today fall short. 

Black-box (or functional) 
testing approaches are de- 
signed to verify expected be- 
havior in software rather than 



unexpected hacker usage. The 
goal of most hackers is to search 
for vulnerabilities by operating 
a system outside of its intended 
behavior. It's important, there- 
fore, to address all paths in your 
source code, not just those that 
lie in a testing footprint. 

DIVIDE AND CONQUER 

The development of new soft- 
ware applications rarely begins 
from a clean piece of paper. 
The concept of a new release 
normally means the addition of 
new features or functionality 
built on top of an existing 
codebase. 

Over time, as existing soft- 
ware systems get larger and 
more complex, they evolve into 
conflicting or challenging 
designs that often resist evolu- 
tion and bug fixes. This can 
require laborious manual cod- 
ing/review methods and signif- 
icantly hinder the business 
agility of an organization. 
Today, the most common way 
in which organizations are 
dealing with this issue is to 
"throw more development 
bodies" at the problem, which 
in return does not guarantee 
improvement. 

The major planning consid- 
eration is the differing strate- 
gies to improve security in 
existing code versus new devel- 



opment. The approach cannot 
be the same in both cases; oth- 
erwise the job can be so over- 
whelming that it hinders the 
business of the organization 
beyond recovery. 

Secure coding practices 
should be systematically 
applied during new develop- 
ment, but oftentimes this is not 
the case. However, attempts to 
retrofit the same practices to 
large existing codebases would 
produce a large number of 
changes and a risk of unfore- 
seen impact these changes 
would induce. Improving secu- 
rity of existing code requires a 
different approach. 

The same can be said for any 
changes to design or architec- 
ture. Improvements in these 
areas for large systems need to 
be targeted and incremental, 
focusing on areas where devel- 
opment teams will get the most 
return on their investment. 

With these considerations in 
mind, here are six high-level 
phases that organizations should 
use to implement a robust soft- 
ware security strategy: 
• Perforin a systemwide 
security and quality assess- 
ment of your software. This 
is necessary to uncover weak- 
nesses of your software and 
risks that they present to your 
organization. 



• Implement a policy for 
new development. The inte- 
gration of a "stop the bleeding" 
process into your development 
environment is an important 
phase to get immediate control 
over the problem. 

• Conduct a multidimension- 
al analysis. This would include 
looking at deeper design and 
architecture weaknesses and cor- 
relating them with already 
uncovered security weaknesses. 
The findings would be used as 
planning input to your strategies. 

• Convert findings into code 
improvements. Clean up your 
"one-time fixes" and update your 
tools to include any new policy. 

• Measure improvement. 
When implementing security 
improvements, it is imperative 
to measure them and monitor 
their trends, otherwise it will 
never be clear if you are win- 
ning or losing the battle. 

• Manage iterations of secu- 
rity improvements. To suc- 
cessfully effect change across 
the organization, management, 
technical leads and developers 
need to work together and 
leverage the same data regard- 
ing the security and quality of 
their software. I 

Djenana Campara is founder 
and CTO of Klocwork, which 
sells software testing tools. 



you need to be an effective 
developer in the workforce. 

Jeff Short 

CBT Nuggets 

SUCCESSFUL SOLUTION 

Loved this write-up ["Angels in 
the Architecture," Dec. 1, 2004, 
page 23], particularly because I 
was partly instrumental in intro- 
ducing the use of JBoss, JBoss 
clustering, TIBCO messaging, 
and JBossCache to develop 
some solutions at my company. 
It's great to see the approaches 
I've advocated taken to extreme 
levels of performance, a la 
Ameritrade's transaction system. 

My own solutions have 
been very successful, but you 
can bet I'll be using this article 
to further reassure manage- 
ment that we can rest easy with 
regard to taking this develop- 
ment approach further and 
with regard to even more criti- 
cal systems. 

Roger Voss 

Tideworks Technology 

NETBEAN COUNTING 

I know "The End of IDE Com- 
petition" [Sept. 15, 2004, page 
39] is an older column, but I'd 



like to point to your own 
research that NetBeans is cer- 
tainly not in decline. 

In fact, we've made some 
significant improvements to the 
IDE since your article was pub- 
lished and are receiving some 
great reviews. We released the 
4.0 version in December and 
had 4.1 in Early Access even 
before that. 

We've made great strides 
with the projects system, win- 
dowing system, feature edition, 
profiling and J2EE develop- 
ment (with 4.1) that will offer 
developers significant advan- 
tages over Eclipse. I realize 
they do have the market share, 
but in your own study, Net- 
Beans is gaining, and our inter- 
nal statistics show the same. 

Try it out and let us know 
what you think. 

Tim Cramer 

Director of NetBeans, Sun 

CLARIFICATION 

A story in the Feb. 1 issue erro- 
neously implied that Infravio is 
exiting the Web services broker- 
ing business. According to com- 
pany officials, Infravio remains 
committed to that market. 
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The volume of new software development projects is on the 
rise, a positive indicator that the IT economy is continuing to 
gain strength, according to Enterprise Development Manage- 
ment Issues, a research report published in December 2004 
by Evans Data. 

The study, which polled project data from IT executives, 
showed that almost 70 percent of the 366 respondents are 
increasing the number of projects they are engaging in. 

A sign that projects are trending upward, 65 percent of 
respondents indicated that projects were increasing when 
asked the same guestion in a poll conducted in June 2004, 
the first time Evans had posed that guestion. In both its sum- 
mer and winter surveys, around 6 percent of respondents 
indicated decreases in new projects. 
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Should I Stay or Should I Indigo? 



The big news coming out of Febru- 
ary's VSLive conference in San 
Francisco was that Indigo, the service- 
oriented infrastructure that Microsoft 
hopes will unify interprocess communi- 
cation, will be available in a Community 
Technology Preview by late March 
("Even if its March 38th or March 43rd, 
we will deliver it in March," promised 
senior VP Eric Rudder). 

This was really the first time since 
Microsoft's 2003 Professional Develop- 
ers Conference that the community has 
had the coding model laid out for them. 
The programming model has evolved 
considerably since, and even in some of 
the presentations there were moments 
when presenters used outdated idioms. 

There's an old chestnut that any pro- 
gramming problem can be solved by 
adding another layer of indirection. I've 
long thought this to be true of 
Microsoft's approach to modular sys- 
tems. There's been one approach for in- 
memory, in-process reuse of compo- 
nents, another approach for in-memory, 
but out-of-process daemons, another 
approach for external servers on the 
local network segment, a different 
approach for message-oriented middle- 
ware, and several different approaches 
for integrating with enterprise systems 
and trading partners. 

While the simple description of Indi- 
go is that it's the evolution of the infra- 
structure for supporting Web services, 
it's really quite a bit more ambitious than 
that — it's an attempt to create a unified 
programming model for all systems that 
rely on out-of-process services. 



Whether you think of this as "compo- 
nents," "Web services," "service-orient- 
ed architecture," "connected systems" or 
other similar buzzwords, it gets back to 
the classic goals of reuse and integration: 
How do I elevate the power of my inter- 
nally developed code? How do I manage 
systems that are made from cooperating 
webs of independently 
deployed, independently 
evolving components? 

It would be massively 
naive to think that the soon- 
to-be-released Indigo bits 
represent anything like the 
final answer to these ques- 
tions. Reuse and integration, 
like productivity and innova- 
tion, are existential issues of 
software development, not 
technical ones. The technical question is 
whether a programming model provides 
reasonable and flexible scaffolding that 
facilitates the currently known best 
practices. Also, I'm one of those who 
believe that the learning curve and 
teachability of a programming practice 
drives acceptance to a very large extent. 

Indigo has a great pedagogical 
device, divvying up the challenges of 
service-orientation into "Address, Bind- 
ing, and Contract." Let the academics 
roll their eyes, but as far as I'm con- 
cerned, Indigo's "A-B-C" mantra is cru- 
cial to the technology's success. At 
VSLive, after the very first technical pre- 
sentation on Indigo, people seemed 
excited and confident about trying it, a 
reaction markedly different from what 
one sees at Web services conferences, 
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where people stumble through the halls, 
muttering acronyms to themselves in an 
attempt to put it all in perspective. 

I'd sworn to myself that I wouldn't 
mention type systems in this column for 
three months, but once again, the 
favorite bar-time topic in software devel- 
opment is impossible to ignore. 
Microsoftian Don Box 
described Indigo as "extrud- 
ing a type system that we can 
think about independently of 
our CLR types." 

In a presentation at 
VSLive, he said a key design 
feature in Indigo "is to get 
^fi I away from the authoritative 
type definition model" and 
"there is no centralized defin- 
ition" of a particular type. 
This is important for versioning and 
evolvability. Meanwhile, the CLR guys 
accelerated the expansion of the Com- 
mon Type System to include generics 
(see "Getting Specific About Generics," 
Feb. 1, page 28). This is important for 
versioning and evolvability. 

Sigh. I don't expect an industry con- 
sensus on type systems, but are there 
such fundamental differences between 
in-process and out-of-process that they 
support near-opposite approaches? I'm 
not convinced. 

While I can feel myself being 
swayed on the type systems question, 
I'm firmer in my dislike for another 
decision in Indigo. The visibility of an 
Indigo service is fully separable from a 
method's CLR visibility. Want to make 
a private method an Indigo service? No 



problem. According to Box, the CLR 
visibility defines an "in-memory facade" 
while Indigo's attributes define a "ser- 
vice facade." 

Of course we don't want all public 
methods to be exposed as services, but 
exposing my private methods? If you're 
going to create a multiyear, paradigm- 
shifting, unified coding model, wouldn't 
a new CLR visibility modifier for service 
(or, perhaps, "really really public") have 
made more sense? I feel like suing this 
design decision on constitutional 
grounds (yeah, yeah, the word "privacy" 
doesn't appear in the Constitution). 

A new type system, a new visibility 
system, attribute-based control of object 
life cycle... the great success of .NET 
compared to J2EE was that J2EE pro- 
moted a model that was different from 
and more complex than "Plain Old Java 
Objects" while .NET promoted a model 
that was simple yet not simplistic and 
that proved sufficient. 

Even as Indigo comes into public 
view, the Java community has resurrect- 
ed POJO as the preferred approach to 
the majority of corporate development. 
The question with Indigo is whether its 
higher abstraction and easier learning- 
curve will sufficiently hide the complex- 
ity of connected systems or whether it 
will, like the earlier releases of J2EE, 
require a level of technical skill not just 
extending, but orthogonal to, the pro- 
gramming model of the underlying plat- 
form. If they can keep it to "A-B-C," 
Indigo will be a success. If they start 
talking about "D-E-F," it's going to be 
Indigone. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 
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Is Borland Relevant Anymore? 



At the beginning of this year, Borland 
announced its annual earnings. 
While it managed to stay in the black for 
the second year in a row, the posted 
numbers reveal a grim dimension: Bor- 
land's revenue from product licenses 
declined year over year. Given that this 
past year has been universally hailed as a 
rebound for technology, this decline is 
not good news. However, when you 
compare results of the three large pure- 
play vendors of programming tools (Bor- 
land, Compuware, and Mercury Interac- 
tive), the emerging picture is grimmer 
yet. Compuware s license revenues grew 
12 percent in the nine months ending 
the same quarter as Borland's report, 
while Mercury Interactive s grew 27 per- 
cent. So, what is the matter with Bor- 
land, then, that it was down 2 percent? 

As far as I can tell, two things: lack of 
product innovation and poor execution. 
Before the current problems, some ter- 
rible executive decisions severely hurt 
the company: the acquisition of VisiBro- 
ker, the name change to Inprise, the 
near acquisition by Corel. These events 
cast the company in an uncertain light. 

Coming after the disastrous acquisi- 
tions of Ashton-Tate and Paradox, the 
constant changes in the company's direc- 
tion made developers and their managers 
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gun-shy about committing to strategies 
that looked fickle and indecisive. Over the 
course of the past few years, Borland has 
certainly changed that perception. Every- 
one now knows it sells an enterprise-ori- 
ented toolchain that is particularly strong 
in Java. It also has a few oddball products 
like Delphi that, while not moribund, are 
unlikely to see much adoption. 

Almost as if to overcome 
the lack of direction of preced- 
ing administrations, the cur- 
rent executive team has been 
stuck in a prolonged product 
stasis that is starting to hurt 
sales. Borland acquired several 
well-respected technologies, 
such as Together, Caliber RM, 
Optimizelt and StarTeam, 
stuck them to the Builder 
IDE, and sold the lot as a 
lightly integrated toolchain. This worked 
because the acquired products were solid 
and had loyal customers. 

During the next few years, the com- 
pany did nothing to expand the tool- 
chain. It took a conservative view of 
enterprise development needs and, I 
believe, figured that any important 
changes in the market could be 
addressed with additional acquisitions. 
Surprisingly, IBM's acquisition of Ratio- 
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nal, which should have signaled Big Blue 
was about to push hard into enterprise 
software tool sets, did little to incentivize 
Borland to greater action. As a result, its 
product line looks long in the tooth and 
devoid of innovation. In the three areas 
of greatest interest to developers today — 
testing, security and Web services — Bor- 
land has no offering. 

As for IDEs, its once- 
admired JBuilder product has 
done little to stay ahead of 
the competition. On PCs, 
the capitulation to Microsoft's 
Visual Studio for Windows 
development is astonishing 
and complete. For all the years 
that Visual Studio was a little 
maintained, so-so IDE, Bor- 
land never made any run at 
this market space. So, when 
the .NET version of Visual Studio came 
out with across-the-board enhancements, 
Borland had no choice but to fold up its 
tent and go home. Nonetheless, it made 
one brief foray — with C# Builder, in 
which it attached its lesser GUI front end 
to the C# compiler it leased from 
Microsoft — before finally succumbing. 

Even when the company did inno- 
vate, it failed to convert its innovations 
into an advantage. Consider that when 



Borland released Kylix (the Linux ver- 
sion of Delphi) there were no compara- 
ble IDEs available on Linux. So a well- 
implemented RAD tool with seamless 
cross-platform portability was bound to 
succeed. Its launch caused a lot of excite- 
ment, which Borland steadily dissipated 
by neglecting the product and shipping 
releases that were tarnished by bugs. 

During the past few years, I have seen 
some terrific point tools that were once 
the domain of Borland's factories of inno- 
vation. These include the Eclipse IDE, 
the IntelliJ environment, Compuware's 
DevPartner, Intel VTune Performance 
Analyzer, Mindreef's SoapScope Quest/ 
Sitraka's JClass components, and so on. 
Nothing comparable has appeared from 
Borland. And, if recent press releases are 
to be believed, the company's new 
Themis product launch will not offer any. 
Themis is a repackaging of existing or 
slightly revved products, that will now be 
sold in bundles depending on the user's 
role. Hardly product innovations. 

So with Microsoft eating up the .NET 
market, Eclipse and Rational stealing 
Java and enterprise customers, where 
can Borland go? Alas, nowhere. I believe 
it will eventually become entirely depen- 
dent on its acquisitions of Together, Cal- 
iberRM, and StarTeam and sell those 
until they, too, run out of gas. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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The notion of a model- driven archi- 
tecture has confused many, in terms 
of what it is, what it hopes to accomplish, 
and how to implement it. So Object 
Management Group, which oversees the 
MDA initiative, is working on a defini- 
tion and a way to certify that what ven- 
dors are peddling as MDA solutions 
really meet a clearly spelled-out set of 
criteria. 

As I have come to under- 
stand it, there are four layers 
to an MDA solution — the 
computer-independent mod- 
el, the platform-independent 
model, the platform-specific 
model, and of course, the 
underlying code. According 
to one OMG member, who 
asked not to be identified, 
among the certification pro- 
posals is that a vendor need only support 
any two of these layers — as well as the 
Meta Object Framework (MOF) and 
the XML Metadata Interchange (XMI) 
for import and export — to be certified. 

The problem with this, according to 
this OMG member, is that there are 
more than 100 vendors of UML model- 
ing tools that meet that low standard of 
compliance, and as such can claim that 
they actually are selling an MDA-com- 
pliant solution. That confuses the mar- 
ket, he believes — and I agree. 

Yet UML, my source said, is not 
required to implement MDA, despite 
OMG's position that UML is the under- 
pinning for MDA. For a computer-inde- 
pendent model, which most often is 
used for business design and not system 
design, a language such as the Business 
Process Modeling Notation (BPMN) is 
most effective. UML is fine for plat- 
form-independent models, but isn't well 
suited for platform-specific modeling, 
according to the source. 
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The key to making an MDA solution 
work is the ability to synchronize the 
models and code between the various 
layers, so that a computer-independent 
model described in BPMN, for instance, 
is linked to C + + code to run on a specif- 
ic platform. So a vendor supporting 
every layer of the MDA wouldn't need 
XMI for model interchange, because 
can complete the transforma- 
tions on its own. 

I brought this question to 
Andrew Watson, the man at 
OMG who's heading up the 
discussion of MDA certifica- 
tion, and he emphasized that 
this all is in the discussion 
stage right now — "I'd call it 
more of a discussion than a 
battle," he said. 

Watson explained that the 
criteria for certification could involve 
more than merely supporting two layers, 
MOF and XMI. There are now five cri- 
teria in Watson's proposal for certifica- 
tion: implement one or more of UML 
1.x, MOF 1.x, a MOF l.x-compliant 
meta-model or a UML 1.x profile; 
implement XMI import and export; pro- 
vide user-defined transformations 
between two or more of the model lay- 
ers; be able to generate multiple com- 
plementary sets of machine-level arti- 
facts such as Java code, XML schemas, 
test scripts and the like) from one high- 
level model; and provide for the long- 
term storage, maintenance and evolu- 
tion of the higher-level models and 
machine-level artifacts. 

Watson said, "It's the transformation 
that's the important thing, not the num- 
ber of model types," such as CIM or 
PIM or PSM, a solution supports. 

He defended MOF support by saying 
that in the model-driven world, it is 
agreed that there needs to be a place to 



store the models, and in the OMG 
world, that place is a MOF repository. 
Microsoft is proposing something called 
MetaData Framework to do the same 
thing, Watson said, adding that Micro- 
soft's MDF looks a lot like OMG's MOF, 
so exchanging MDF and MOF models 
shouldn't be much of a problem. 

Likewise, he said that even if some- 
one was using an MDA tool that did all 
its own transformations, XMI support is 
critical because users don't want to have 
their models trapped inside a single tool, 
so interchange is vital, and in the OMG 
world, XMI is the way to get that done. 

As for UML tools claiming to offer 
full MDA, Watson said at the core of 
MDA is support for multiple model 
types and the transformations between 
them. "This certainly isn't present in 
every UML tool, and there's no watering 
down [of MDA]. These criteria really do 
help distinguish MDA tools from those 
that are merely trying to coat-tail on the 
recognition MDA is getting." Watson 
added that he hopes UML vendors will 
work with external repositories and 
transformation engines so that the whole 
tool chain meets MDA criteria. 

The OMG, though, needs to look 
beyond the criteria necessary to certify a 
vendor is MDA compliant and address 
the issue of why adoption of MDA has 
been so slow, particularly in the United 
States. Perhaps it's the complexity of 
metamodels and meta-metamodels, and 
transforming the models along the path 
to code generation and execution. Per- 
haps it's the fact that in most IT shops, 
software development has not yet 
matured into an engineering practice 
that requires intensive up-front design 
and modeling. 

Anything the consortium and its mem- 
bers can do to unclutter the terminology 
and criteria for implementing an MDA 
solution would remove much of the con- 
fusion that exists in the marketplace. I 

David Rubinstein is editor of SD Times. 
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Research firm IDC predicts worldwide IT spending will reach US$1.2 trillion by 
2008, due to an improving business environment and recent gains in the U.S. 
gross domestic product. "Banking, discrete manufacturing and government stand 
out as the largest IT buyers," said Anne Lu, an IDC research manager. IDC's 
research also indicates worldwide software spending will reach $213 billion this 
year, growing at about 7 percent from 2004, and that spending on IT services 
worldwide will reach $423.8 billion this year. In the U.S., software spending is 
expected to hit $106 billion this year . . . License compliance software vendor 
Black Duck Software and open-source development solution provider CollabNet 
have announced a technology and marketing alliance that will allow CollabNet 
developers working with open-source software to make sure they are not violat- 
ing any intellectual property rights associated with that code. "Our alliance with 
Black Duck will enable us to provide our customers with license compliance and 
awareness during the application development cycle, allowing distributed teams 
to productively use open-source software while avoiding costly mistakes," Brian 
Behlendorf, founder and CTO of CollabNet, said in a statement . . . Application 
life-cycle management solution provider Seapine Software and Java IDE vendor 
JetBrains have integrated Seapine's Surround SCM code management tool with 
JetBrains' IntelliJ IDEA 4.5 development environment. The integration will allow 



developers to access the source code, and check out, get and share files from 
within the IDE, the companies said. 

EARNINGS: Enterprise data integration tool provider Ascential announced 
2004 revenue of US$271.9 million and net income of $15 million. The yearly rev- 
enue was up 46 percent from the $185.6 million brought in in 2003, while net 
income was slightly down from the $15.8 million recorded in 2003 . . . XML data- 
base management software provider Raining Data reported revenue of US$5.7 
million for its fiscal third quarter of 2005. The company posted an operating loss 
of $40,000, or 1 cent per share, during the quarter. Revenue for the quarter held 
almost steady from the same quarter in fiscal 2004, when $5.8 million was report- 
ed. For the nine months concluded Dec. 31, 2004, the company reported revenue 
of $16 million, off slightly from the $16.6 million reported for the same nine-month 
period in fiscal 2003 . . . Mercury reported revenue of US$685.5 million for the 
year ended Dec. 31, 2004, which the company said reflects growth of 35 percent 
over 2003. Net GAAP income for the year was $84.6 million, or 83 cents per share, 
compared with $41.5 million, or 41 cents per share, for 2003. For the fourth quar- 
ter of 2004, Mercury announced revenue of $204.3 million, up from $152 million 
from the same quarter in 2003. 1 
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■ Dbje^Driveii Testing 



PeiTorma nee and Mem orv 

Profiling 



AQtime 

■ Manac.Ec/UnmanagedApplicaljon5 
* Performance Analysis 

■ Test Coverage 

■ Memory Analysis 

■ Line- -eve Precision 

■ Microsoft Visual Studio NET 
lnteg r a"JDn 



SI) Times 



2004 



100 



Issue Tracking and Project 
Managment 



AQdevTeam 



Configurable WorkFows 
Configurable Fields 
Configurable Ferns 
Scnptab e Mac r as 
Email Ncificalions 
Web Interface 
Windows Innate 



Build Automation and Release 
Managnaat 



Automated 
Build Studio 

■ Vsual l/acro Builder 

* Ertensde Actions 

■ S^heduec Bu-lds 

* Test Integra-ton 

* ssue Track ng Integration 

- MtewsQfc Visual StJd.o NET 
nSegratar 




nl. ■ ■ kJi 








REAPERS' 
CHOKC 

AWARD 
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flutomatedQfl 

www, automated qa ,com 



(702)891-9424 

All AutamfliiKJGA products include a 60 day meruy-baefc guarantee 



